CVE-2016-0732 : The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 th

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

Published 2017-09-07 13:29:00

Updated 2021-09-09 17:51:48

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-0732

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-0732

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-0732

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-0732

https://pivotal.io/security/cve-2016-0732

CVE-2016-0732 Privilege Escalation | Security | Pivotal
Mitigation;Vendor Advisory

Products affected by CVE-2016-0732

Pivotal » Elastic Runtime » Version: 1.6.8
cpe:2.3:a:pivotal:elastic_runtime:1.6.8:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.9
cpe:2.3:a:pivotal:elastic_runtime:1.6.9:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.10
cpe:2.3:a:pivotal:elastic_runtime:1.6.10:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.11
cpe:2.3:a:pivotal:elastic_runtime:1.6.11:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.3
cpe:2.3:a:pivotal:elastic_runtime:1.6.3:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.5
cpe:2.3:a:pivotal:elastic_runtime:1.6.5:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.7
cpe:2.3:a:pivotal:elastic_runtime:1.6.7:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.12
cpe:2.3:a:pivotal:elastic_runtime:1.6.12:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.0
cpe:2.3:a:pivotal:elastic_runtime:1.6.0:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.1
cpe:2.3:a:pivotal:elastic_runtime:1.6.1:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.2
cpe:2.3:a:pivotal:elastic_runtime:1.6.2:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.4
cpe:2.3:a:pivotal:elastic_runtime:1.6.4:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.6
cpe:2.3:a:pivotal:elastic_runtime:1.6.6:*:*:*:*:*:*:*
Matching versions
Pivotal » Elastic Runtime » Version: 1.6.13
cpe:2.3:a:pivotal:elastic_runtime:1.6.13:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » Cf-release
Versions from including (>=) 208 and up to, including, (<=) 229
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.5.3
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.5.3:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.4.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.4.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.4.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.4.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.3.1.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.3.1.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.0.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.0.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.0.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.3
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.3:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.0.3
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0.3:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.5.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.5.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.0.3
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.3:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.1.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.1.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.5.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.5.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.3.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.3.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.3.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.3.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.6
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.6:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.5
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.5:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.5.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.5.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.4
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.4:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.4.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.4.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.3
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.3:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.2.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.0.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.0.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.6.2
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.6.2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.7.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.6.0
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.6.0:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.6.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.6.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » User Account And Authentication » Version: 2.5.1
cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.5.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » Uaa-release » Version: 2
cpe:2.3:a:cloudfoundry:uaa-release:2:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » Uaa-release » Version: 4
cpe:2.3:a:cloudfoundry:uaa-release:4:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » Uaa-release » Version: 3
cpe:2.3:a:cloudfoundry:uaa-release:3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-0732

Exploit prediction scoring system (EPSS) score for CVE-2016-0732

CVSS scores for CVE-2016-0732

CWE ids for CVE-2016-0732

References for CVE-2016-0732

Products affected by CVE-2016-0732