Overview
- Description
- The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0C5E862-1E0D-4078-A0EF-8A3C11FC4B10",
"versionEndExcluding": "1.6.5",
"versionStartIncluding": "1.6.0"
},
{
"criteria": "cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBEA1A89-84E4-4435-9AC5-29F972F0D7A4"
}
],
"operator": "OR"
}
]
}
]