GHSA-4m8c-h7fr-gq5c · 深刻度: critical · エコシステム: maven — Cloud Foundry vulnerable to Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
総合評価: CVE-2016-6637 は中リスク(50.6/100)。CVSS 深刻度は重大。悪用される可能性が高い(EPSS 0.09%、38 パーセンタイル) 推奨対応: 影響資産を整理し、修補計画に組み込んでください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2023-03-07 | 1.05% | 0.09% | -0.96% |
| 2 | 2022-02-04 | — | 1.05% | — |
EPSS の全履歴 (全 2 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 9.6 | 3.0 | CRITICAL |
|
2.8 | 6.0 | [email protected] |
| 6.8 | 2.0 | MEDIUM |
|
8.6 | 6.4 | [email protected] |
GHSA-4m8c-h7fr-gq5c · 深刻度: critical · エコシステム: maven — Cloud Foundry vulnerable to Cross-Site Request Forgery
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| cloudfoundry | cloud_foundry_uaa_bosh | <= 15.0 | cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry | <= 241 | cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.0 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.1 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.2 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.3 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.4 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.5 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.6 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.7 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.8 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.9 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.10 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.11 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.12 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.13 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.14 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.15 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.17 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.18 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.19 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.20 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.21 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.22 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.23 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.25 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.26 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.27 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.28 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.29 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.30 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.31 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.32 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.33 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.34 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.35 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.36 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.37 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.38 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.39 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.0 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.1 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.2 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.3 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.4 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.5 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.6 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.7 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.8 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.9 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.10 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.11 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.12 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.13 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.14 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.15 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.16 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.17 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.18 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.19 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.7.20 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_elastic_runtime | 1.8.0 | cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.0 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.1 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.2 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.3 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.4 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.5 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.6 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.7 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.8 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.9 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.10 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.11 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.7.12 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_ops_manager | 1.8.0 | cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_uaa | 2.3.0 | cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_uaa | 2.3.1 | cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.1:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_uaa | 2.4.0 | cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.4.0:*:*:*:*:*:*:* |
| pivotal_software | cloud_foundry_uaa | 2.5.1 | cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.5.1:*:*:*:*:*:*:* |
| URL | タグ |
|---|---|
| http://www.securityfocus.com/bid/93245 | |
| https://pivotal.io/security/cve-2016-6637 | Vendor Advisory |