CVE-2016-6659
N/A
N/A
Summary
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier | Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier | affected |
Weaknesses
- Privilege Escalation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.