CVE-2016-0781
CVE-2016-0781 is a vulnerability of currently unknown severity. The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Cloud Foundry Uaa Bosh | 2 |
| Cloudfoundry | Cloud Foundry Uaa Bosh | 3 |
| Cloudfoundry | Cloud Foundry Uaa Bosh | 4 |
| Cloudfoundry | Cloud Foundry Uaa Bosh | 5 |
| Cloudfoundry | Cloud Foundry Uaa Bosh | 6 |
| Cloudfoundry | Cloud Foundry Uaa Bosh | 7 |
| Pivotal Software | Cloud Foundry | 208 |
| Pivotal Software | Cloud Foundry | 209 |
| Pivotal Software | Cloud Foundry | 210 |
| Pivotal Software | Cloud Foundry | 211 |
| Pivotal Software | Cloud Foundry | 212 |
| Pivotal Software | Cloud Foundry | 213 |
| Pivotal Software | Cloud Foundry | 214 |
| Pivotal Software | Cloud Foundry | 215 |
| Pivotal Software | Cloud Foundry | 216 |
| Pivotal Software | Cloud Foundry | 217 |
| Pivotal Software | Cloud Foundry | 218 |
| Pivotal Software | Cloud Foundry | 219 |
| Pivotal Software | Cloud Foundry | 220 |
| Pivotal Software | Cloud Foundry | 221 |
| Pivotal Software | Cloud Foundry | 222 |
| Pivotal Software | Cloud Foundry | 223 |
| Pivotal Software | Cloud Foundry | 224 |
| Pivotal Software | Cloud Foundry | 225 |
| Pivotal Software | Cloud Foundry | 226 |
| Pivotal Software | Cloud Foundry | 227 |
| Pivotal Software | Cloud Foundry | 228 |
| Pivotal Software | Cloud Foundry | 229 |
| Pivotal Software | Cloud Foundry | 230 |
| Pivotal Software | Cloud Foundry | 231 |
| Pivotal Software | Cloud Foundry | 241 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.0 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.1 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.2 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.3 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.4 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.5 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.6 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.7 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.8 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.9 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.10 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.11 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.12 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.13 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.14 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.15 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.16 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.17 |
| Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.18 |
Showing 50 of 57 affected configurations. See NVD for the full list.
References
- https://pivotal.io/security/cve-2016-0781 (Vendor Advisory)
Source: NVD / NIST
