CVE-2016-3084 in Cloud Foundryinfo

Summary

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

03/10/2016

Disclosure

05/25/2017

Moderation

VulDB entry created

Entries

1: VDB-101778

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

6.8

EPSS

0.00272

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-3084
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-3084
CVE Details	https://www.cvedetails.com/cve/CVE-2016-3084/

◂ Previous Overview Next ▸