CVE-2016-0781

{"id": "CVE-2016-0781", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-05-25T17:29:00.553", "references": [{"url": "https://pivotal.io/security/cve-2016-0781", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions."}, {"lang": "es", "value": "Las p\u00e1ginas de aprobaci\u00f3n OAuth de UAA en Cloud Foundry versiones v208 hasta v231, Login-server versiones v1.6 hasta v1.14, UAA versiones v2.0.0 hasta v2.7.4.1, UAA versiones v3.0.0 hasta v3.2.0, UAA-Release versiones v2 hasta v7 y Pivotal Elastic Runtime versiones 1.6.x anteriores a 1.6.20, son vulnerables a un ataque de tipo XSS mediante especificaci\u00f3n de contenido de script java malicioso en los \u00e1mbitos OAuth (grupos SCIM) o descripciones de grupo SCIM."}], "lastModified": "2021-08-06T14:47:27.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B26A4D4-761B-417C-B88F-525F50A06E6D"}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74EB16D-F061-4CD8-A37D-24FAC9CE22C9"}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92741034-1A45-4B1A-8444-3488CA46EC0E"}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E716295D-4C12-48CD-816F-ADC4920863E7"}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D0181FC-AD4C-4E4E-9F52-6B12E4370780"}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07524E58-F47F-46E5-BF63-B1F11B193F97"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21CE9A23-D596-4C33-AD29-51AFB35A53BC"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68E4680C-235B-4DF3-B395-FC844F21B7E2"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10BBBDE6-72E0-4A36-AE57-85BFF7A03137"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CE52DC3-D982-4E81-AAD7-7CA9AB756AB2"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "719F9D8D-704E-4883-A932-652999074E1B"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB58BDC-9916-48F8-83BE-EDFE00835738"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51073766-5A57-4F50-AF35-3AD0041D2B09"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E0CA70B-BD79-4CB2-AFDC-D89981993CBF"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4179C04-0EFB-43E5-B690-E516C6F0634B"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3770814F-FC94-467E-ACF4-89A9239B4893"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED374619-C2CE-4E74-BDE2-0B39D7C8A1E9"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1939DBF-E885-4CF1-9FF8-296A6ED1F241"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF5ED010-699D-48DE-AA2F-57E6CE682AF8"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68FE1621-874C-41F6-9A27-4C3E5F22C3A4"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82D4B35F-F760-4B6C-B289-411155CA6876"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C172BAC-2766-4B37-A19A-2EB25C68C38F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A10DC4A-5682-476E-8A1C-8829D05FF248"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBF25D96-83C1-4D0D-A1F1-7D5805AB4EC7"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94473ECC-E916-4670-AB94-8EF3F4450643"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89D4528D-6644-44B0-B5AB-FB4480839EA2"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96AD7EC1-0490-4513-A5C1-6FCB0470529B"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "744A61DF-A49E-4931-8DF1-21EB3AC56208"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D62EEBF-B07C-4838-BDCC-DB3F2D4CF6F6"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03D7EDBF-808E-4D12-AA77-A0720F08EB4C"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF6B386F-3363-45CE-8F6A-91FEA00D0E82"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "002CACDF-D085-44B6-BE47-6FB61F1EB0D8", "versionEndIncluding": "2.7.4.1"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C"}, {"criteria": "cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60348882-C48C-434B-B311-A157E3BFC833"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}