Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Remediation

References

https://pivotal.io/security/cve-2016-5016

https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

https://github.com/cloudfoundry/cf-release/releases/tag/v240

Related Vulnerabilities

CVE-2023-32314 Vulnerability in npm package vm2

CVE-2022-25927 Vulnerability in maven package org.webjars.npm:ua-parser-js

CVE-2023-1436 Vulnerability in maven package org.codehaus.jettison:jettison

CVE-2021-43862 Vulnerability in npm package jquery.terminal

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-dao

Severity

Medium

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory Release Notes Third Party Advisory