CVE-2016-0883

Published Sep 18, 2016

Last updated 8 years ago

Overview

Description: Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
Source: security_alert@emc.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42ADBC47-EDCB-4264-9C23-1CA7E37F22E3",
            "versionEndIncluding": "1.5.13"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E4F479-F7CA-4712-9FCD-BCA81FE158AA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D65021E-B67D-4EF1-A131-87D46BDDC625"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71F33A0C-470C-469E-8CB7-B5CF2E4397F4"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EB51900-C380-4996-B57B-2588970C4BAC"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D75AAFC-E49B-4539-B1D4-15589F0E0BE3"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBA9E4C0-89AD-4983-9E5A-24B2240D580F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2468F8D1-05CE-4416-BF34-B23F6CA87E2D"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACA3E75B-AE5E-4A5B-A11B-E1AA99B4BFBB"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CBB83FC-8578-427E-A71D-78BE93A0A354"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References