CVE-2016-0897

{"id": "CVE-2016-0897", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-09-18T02:59:02.870", "references": [{"url": "https://pivotal.io/security/cve-2016-0897", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2016-0897", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors."}, {"lang": "es", "value": "Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.17 y 1.7.x en versiones anteriores a 1.7.8, cuando se usa vCloud o vSphere, no activa adecuadamente acceso SSH para operadores, lo que tiene un impacto no especifico y vectores de ataque remotos."}], "lastModified": "2024-11-21T02:42:35.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0FBDBF-118B-4573-95A1-E3DE377DC2A2", "versionEndIncluding": "1.6.16"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "466DD7AA-9D45-44AC-8C08-2A9F4418423B"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B495324-F0E0-4E62-BC58-79253B446210"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F2D8956-202D-4724-A993-91A1A0B4A7A6"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3A06FD-DB82-43E6-8BC2-B42F6A584500"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "713FA212-3A93-4976-9B03-20880E7BDA13"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F174314-AF3D-4A21-A221-819B4B41905F"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E6952CD-766A-49D8-B250-DD530E1E34A2"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:1.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A11FF40F-EA13-41BA-9D35-3A83C08D4B41"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}