PT-2017-7649 · Pivotal · Pivotal Cloud Foundry+3

Published: 2017-09-07 · Updated: 2021-09-09 · CVE-2016-0732

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pivotal Cloud Foundry versions 208 through 229
UAA versions 2.0.0 through 2.7.3 and 3.0.0
UAA-Release versions 2 through 4
Elastic Runtime versions 1.6.0 through 1.6.13

Description

The identity zones feature in the affected software, when configured with multiple identity zones, allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

Recommendations

For Pivotal Cloud Foundry versions 208 through 229, update to a version outside of this range to resolve the issue.
For UAA versions 2.0.0 through 2.7.3 and 3.0.0, update to a version outside of this range to resolve the issue.
For UAA-Release versions 2 through 4, update to a version outside of this range to resolve the issue.
For Elastic Runtime versions 1.6.0 through 1.6.13, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the identity zones feature until a patch is available.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2016-0732

Affected Products

Runtime
Pivotal Cloud Foundry
Uaa
Uaa-Release