- Description
- The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0C5E862-1E0D-4078-A0EF-8A3C11FC4B10",
"versionEndExcluding": "1.6.5",
"versionStartIncluding": "1.6.0"
},
{
"criteria": "cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBEA1A89-84E4-4435-9AC5-29F972F0D7A4"
}
],
"operator": "OR"
}
]
}
]