PT-2016-7012 · Pivotal · Uaa Bosh+4

Published: 2016-09-30 · Updated: 2022-05-13 · CVE-2016-6637

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Pivotal Cloud Foundry versions prior to 242
UAA versions 2.x prior to 2.7.4.7
UAA versions 3.x prior to 3.3.0.5
UAA versions 3.4.x prior to 3.4.4
UAA BOSH versions prior to 11.5
UAA BOSH versions 12.x prior to 12.5
Elastic Runtime versions 1.6.x prior to 1.6.40
Elastic Runtime versions 1.7.x prior to 1.7.21
Elastic Runtime versions 1.8.x prior to 1.8.2
Ops Manager versions 1.7.x prior to 1.7.13
Ops Manager versions 1.8.x prior to 1.8.1
Description

Multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
Recommendations

For Pivotal Cloud Foundry versions prior to 242, update to version 242 or later.
For UAA versions 2.x prior to 2.7.4.7, update to version 2.7.4.7 or later.
For UAA versions 3.x prior to 3.3.0.5, update to version 3.3.0.5 or later.
For UAA versions 3.4.x prior to 3.4.4, update to version 3.4.4 or later.
For UAA BOSH versions prior to 11.5, update to version 11.5 or later.
For UAA BOSH versions 12.x prior to 12.5, update to version 12.5 or later.
For Elastic Runtime versions 1.6.x prior to 1.6.40, update to version 1.6.40 or later.
For Elastic Runtime versions 1.7.x prior to 1.7.21, update to version 1.7.21 or later.
For Elastic Runtime versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.
For Ops Manager versions 1.7.x prior to 1.7.13, update to version 1.7.13 or later.
For Ops Manager versions 1.8.x prior to 1.8.1, update to version 1.8.1 or later.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2016-6637
GHSA-4M8C-H7FR-GQ5C

Affected Products

Runtime
Ops Manager
Pivotal Cloud Foundry
Uaa
Uaa Bosh