CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-6637

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile14.78th
Published2016年9月30日
Last Modified2026年5月6日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.

Affected Platforms (CPE)

📦
Cloudfoundry

Cloud Foundry Uaa Bosh

<= 15.0
📦
Pivotal Software

Cloud Foundry

<= 241
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.0
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.1
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.2
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.3
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.4
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.5
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.6
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.7
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.8
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.9
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.10
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.11
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.12
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.13
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.14
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.15
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.17
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.18
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.19
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.20
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.21
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.22
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.23
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.25
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.26
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.27
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.28
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.29
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.30
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.31
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.32
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.33
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.34
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.35
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.36
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.37
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.38
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.6.39
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.0
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.1
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.2
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.3
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.4
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.5
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.6
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.7
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.8
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.9
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.10
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.11
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.12
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.13
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.14
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.15
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.16
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.17
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.18
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.19
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.7.20
📦
Pivotal Software

Cloud Foundry Elastic Runtime

= 1.8.0
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.0
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.1
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.2
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.3
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.4
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.5
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.6
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.7
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.8
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.9
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.10
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.11
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.7.12
📦
Pivotal Software

Cloud Foundry Ops Manager

= 1.8.0
📦
Pivotal Software

Cloud Foundry Uaa

= 2.3.0
📦
Pivotal Software

Cloud Foundry Uaa

= 2.3.1
📦
Pivotal Software

Cloud Foundry Uaa

= 2.4.0
📦
Pivotal Software

Cloud Foundry Uaa

= 2.5.1
📦
Pivotal Software

Cloud Foundry Uaa

= 2.6.1
📦
Pivotal Software

Cloud Foundry Uaa

= 2.7.0.2
📦
Pivotal Software

Cloud Foundry Uaa

= 2.7.0.3
📦
Pivotal Software

Cloud Foundry Uaa

= 2.7.1
📦
Pivotal Software

Cloud Foundry Uaa

= 2.7.2
📦
Pivotal Software

Cloud Foundry Uaa

= 2.7.3
📦
Pivotal Software

Cloud Foundry Uaa

= 2.7.4.6
📦
Pivotal Software

Cloud Foundry Uaa

= 3.0.0
📦
Pivotal Software

Cloud Foundry Uaa

= 3.0.1
📦
Pivotal Software

Cloud Foundry Uaa

= 3.1.0
📦
Pivotal Software

Cloud Foundry Uaa

= 3.2.0
📦
Pivotal Software

Cloud Foundry Uaa

= 3.2.1
📦
Pivotal Software

Cloud Foundry Uaa

= 3.3.0
📦
Pivotal Software

Cloud Foundry Uaa

= 3.3.0.1
📦
Pivotal Software

Cloud Foundry Uaa

= 3.4.0
📦
Pivotal Software

Cloud Foundry Uaa

= 3.4.1
📦
Pivotal Software

Cloud Foundry Uaa

= 3.4.2

References & Advisories

🔗 http://www.securityfocus.com/bid/93245
🔗 https://pivotal.io/security/cve-2016-6637
🔗 http://www.securityfocus.com/bid/93245
🔗 https://pivotal.io/security/cve-2016-6637

関連する脆弱性情報

CVE-2017-49929.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17...

CVE-2016-44688.8

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x befor...

CVE-2016-66518.8

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x bef...

CVE-2017-49738.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14...