Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Remediation
References
https://github.com/cloudfoundry/cf-release/releases/tag/v240
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
https://pivotal.io/security/cve-2016-5016
Related Vulnerabilities
CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-31197 Vulnerability in maven package org.postgresql:postgresql
CVE-2020-7772 Vulnerability in npm package doc-path
CVE-2019-5438 Vulnerability in npm package harp
CVE-2022-39366 Vulnerability in maven package io.acryl:datahub-client