CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0883
https://notcve.org/view.php?id=CVE-2016-0883
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.5.14 y 1.6.x en versiones anteriores a 1.6.9 usa la misma clave de cifrado de cookies a través instalaciones de clientes diferentes, lo que permite a atacantes remotos eludir autenticación de sesión mediante el aprovechamiento del conocimiento de esta clave desde otra instalación. • https://pivotal.io/security/pcf-ops-manager-weak-authentication-scheme • CWE-287: Improper Authentication •
CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2016-0928
https://notcve.org/view.php?id=CVE-2016-0928
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a 1.6.30 y 1.7.x en versiones anteriores a 1.7.8 permite a atacantes remotos redireccionar usuarios a sitios web arbitrarios y llevar a cabo ataques phishing a través de vectores no especificados. • http://www.securityfocus.com/bid/91550 https://pivotal.io/security/cve-2016-0928 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-0897
https://notcve.org/view.php?id=CVE-2016-0897
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.17 y 1.7.x en versiones anteriores a 1.7.8, cuando se usa vCloud o vSphere, no activa adecuadamente acceso SSH para operadores, lo que tiene un impacto no especifico y vectores de ataque remotos. • https://pivotal.io/security/cve-2016-0897 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 3%CPEs: 23EXPL: 0CVE-2015-3192 – Framework: denial-of-service attack with XML input
https://notcve.org/view.php?id=CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. Pivotal Spring Framework en versiones anteriores a 3.2.14 y 4.x en versiones anteriores a 4.1.7 no procesa correctamente las declaraciones DTD en línea cuando DTD no está completamente desactivado, lo que permite a atacantes remotos provocar una caída de servicio (consumo de memoria y errores fuera de rango) a través de un archivo XML manipulado. A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html http://pivotal.io/security/cve-2015-3192 http://rhn.redhat.com/errata/RHSA-2016-1592.html http://rhn.redhat.com/errata/RHSA-2016-1593.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://rhn.redhat.com/errata/RHSA-2016-2036.html http://www.securityfocus.com/bid/90853 http://www.securitytracker.com/id/1036587 ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0201
https://notcve.org/view.php?id=CVE-2015-0201
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. El cliente Java SockJS en Pivotal Spring Framework 4.1.x anterior a 4.1.5 genera identificadores de sesiones previsibles, lo que permite a atacantes remotos enviar mensajes a otras sesiones a través de vectores no especificados. • https://pivotal.io/security/cve-2015-0201 • CWE-254: 7PK - Security Features •