Vulnerability identifier: #VU712
Vulnerability risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6637 (from the vendor advisory linked under External links)
CWE-ID:
CWE-352
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
- Pivotal Cloud Foundry Ops Manager (Client/Desktop applications / Software for archiving)
- Pivotal Cloud Foundry Elastic Runtime (Client/Desktop applications / Software for archiving)
- Cloud Foundry UAA (Server applications / Web servers)
- Bosh Release for the UAA (Server applications / Virtualization software)
Vendor: Cloud Foundry Foundation
Description
The vulnerability allows a remote attacker to hijack a valid user's authenticated session on the target system.
The weakness exists due to insufficient protection against cross-site request forgery (CSRF) and allows an attacker to misuse the victim's authentication data.
Successful exploitation may allow the attacker to use the victim's authentication to approve or deny a scope via the profile or approval page authorization.
Mitigation
Update Pivotal Cloud Foundry (PCF) UAA 2.x to 2.7.4.7, 3.x to 3.3.0.5, and 3.4.x to 3.4.4.
Update Pivotal Cloud Foundry (PCF) UAA BOSH 11.5 and 12.x to 12.5.
Update Pivotal Cloud Foundry (PCF) Elastic Runtime 1.7.x to 1.7.21, and 1.8.x to 1.8.2.
Update Pivotal Cloud Foundry (PCF) Ops Manager 1.7.x to 1.7.13 and 1.8.x to 1.8.1.
Vulnerable software versions
Pivotal Cloud Foundry Ops Manager: 1.7.0 - 1.8.0
Pivotal Cloud Foundry Elastic Runtime: 1.7.1 - 1.8.1
Cloud Foundry UAA: 2.0 - 2.7
Bosh Release for the UAA: 11.5 - 12.4
External links
http://pivotal.io/security/cve-2016-6637
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.