CVE-2016-0930
https://notcve.org/view.php?id=CVE-2016-0930
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.19 y 1.7.x en versiones anteriores a 1.7.10, cuando se usa vCloud o vSphere, tiene una contraseña por defecto para la compilacion VMs, lo que permite a atacantes remotos obtener acceso SSH conectando dentro del periodo de tiempo de instalación durante el cual existen estas VMs. • http://www.securityfocus.com/bid/93027 https://pivotal.io/security/cve-2016-0930 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2016-0883
https://notcve.org/view.php?id=CVE-2016-0883
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.5.14 y 1.6.x en versiones anteriores a 1.6.9 usa la misma clave de cifrado de cookies a través instalaciones de clientes diferentes, lo que permite a atacantes remotos eludir autenticación de sesión mediante el aprovechamiento del conocimiento de esta clave desde otra instalación. • https://pivotal.io/security/pcf-ops-manager-weak-authentication-scheme • CWE-287: Improper Authentication •
CVE-2016-0897
https://notcve.org/view.php?id=CVE-2016-0897
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.17 y 1.7.x en versiones anteriores a 1.7.8, cuando se usa vCloud o vSphere, no activa adecuadamente acceso SSH para operadores, lo que tiene un impacto no especifico y vectores de ataque remotos. • https://pivotal.io/security/cve-2016-0897 • CWE-310: Cryptographic Issues •
CVE-2016-4380
https://notcve.org/view.php?id=CVE-2016-4380
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el AdminUI en HPE Operations Manager 9.21.x en versiones anteriores a 9.21.130 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92698 http://www.securitytracker.com/id/1036716 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4373
https://notcve.org/view.php?id=CVE-2016-4373
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El AdminUI en HPE Operations Manager (OM) en versiones anteriores a 9.21.130 en Linux, Unix y Solaris permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • http://www.securityfocus.com/bid/92122 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507 • CWE-284: Improper Access Control •