Vulnerabilites related to cloudfoundry - cf-mysql-release
Vulnerability from fkie_nvd
Published
2017-06-13 06:29
Modified
2024-11-21 02:56
Severity ?
Summary
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/93889 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://www.cloudfoundry.org/cve-2016-6655/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93889 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cloudfoundry.org/cve-2016-6655/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-mysql-release | * | |
| cloudfoundry | cf-release | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-mysql-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "503F79C0-4F12-4AA0-8902-12217C476BBC",
"versionEndIncluding": "30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9D6FC7-3CB5-4C15-A0F3-E64577C72EAB",
"versionEndIncluding": "244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."
},
{
"lang": "es",
"value": "Un problema fue descubierto en Cloud Foundry Foundation Cloud Foundry liberado en versiones anteriores a la v245 y cf-mysql liberado anterior a la v31. Una inyecci\u00f3n de comando fue descubierta en un script com\u00fan usado por varios componentes de Cloud Foundry. Un usuario malicioso podr\u00eda explotar numerosos vectores para ejecutar comando arbitrarios en servidores con Cloud Foundry ejecut\u00e1ndose."
}
],
"id": "CVE-2016-6655",
"lastModified": "2024-11-21T02:56:33.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.190",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93889"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/cve-2016-6655/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/cve-2016-6655/"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-6655
Vulnerability from cvelistv5
Published
2017-06-13 06:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cloudfoundry.org/cve-2016-6655/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93889 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cloud Foundry |
Version: Cloud Foundry |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/cve-2016-6655/"
},
{
"name": "93889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cloud Foundry"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/cve-2016-6655/"
},
{
"name": "93889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "Cloud Foundry"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/cve-2016-6655/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/cve-2016-6655/"
},
{
"name": "93889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6655",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}