CVE-2016-0781

Name of the Vulnerable Software and Affected Versions Cloud Foundry versions 208 through 231 Login-server versions 1.6 through 1.14 UAA versions 2.0.0 through 2.7.4.1 UAA versions 3.0.0 through 3.2.0 UAA-Release versions 2 through 7 Pivotal Elastic Runtime versions prior to 1.6.20

Description The UAA OAuth approval pages are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

Recommendations For Cloud Foundry versions 208 through 231, update to a version outside of this range to resolve the issue. For Login-server versions 1.6 through 1.14, update to a version outside of this range to resolve the issue. For UAA versions 2.0.0 through 2.7.4.1, update to a version outside of this range to resolve the issue. For UAA versions 3.0.0 through 3.2.0, update to a version outside of this range to resolve the issue. For UAA-Release versions 2 through 7, update to a version outside of this range to resolve the issue. For Pivotal Elastic Runtime versions prior to 1.6.20, update to version 1.6.20 or later to resolve the issue.