CVE-2016-9880

Опубликовано: 16 мар. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.

Ссылки

http://www.securityfocus.com/bid/96146
Third Party Advisory
VDB Entry
https://pivotal.io/security/cve-2016-9880
Vendor Advisory
http://www.securityfocus.com/bid/96146
Third Party Advisory
VDB Entry
https://pivotal.io/security/cve-2016-9880
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:*:*:*:*:*:*:*:*

Версия от 1.6.0 (включая) до 1.6.5 (исключая)

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.0206

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-2qmx-2jj7-w7qw