Certificate Validation Flaw in Pivotal Cloud Foundry and UAA by Pivotal
CVE-2016-5016

5.9MEDIUM

What is CVE-2016-5016?

The vulnerability arises in Pivotal Cloud Foundry and its User Account and Authentication Server (UAA), where the system fails to validate if a provided certificate is expired. This oversight could potentially allow unauthorized access or facilitate man-in-the-middle attacks, jeopardizing the security of applications running on the Pivotal platform. It is crucial for users to upgrade to fixed versions to mitigate these risks.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.