PT-2018-5118 · Pivotal · Gemfire Broker For Cloud Foundry

Publicado

2018-03-16

Atualizado

2018-04-10

CVE-2016-9880

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GemFire broker for Cloud Foundry versions 1.6.x through 1.6.4 GemFire broker for Cloud Foundry versions 1.7.x through 1.7.0

Description The issue concerns multiple API endpoints that do not require authentication, potentially allowing unauthorized access to the cluster managed by the broker.

Recommendations For GemFire broker for Cloud Foundry versions 1.6.x through 1.6.4, update to version 1.6.5 or later. For GemFire broker for Cloud Foundry versions 1.7.x through 1.7.0, update to version 1.7.1 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2016-9880

Produtos afetados

Gemfire Broker For Cloud Foundry

PT-2018-5118 · Pivotal · Gemfire Broker For Cloud Foundry

CVE-2016-9880

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4