CVE-2016-0928

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Published: Sep 18, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-0928
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
pivotal / cloud_foundry_elastic_runtime	1.7.5	1.7.5.x
pivotal / cloud_foundry_elastic_runtime	1.7.6	1.7.6.x
pivotal / cloud_foundry_elastic_runtime	1.7.7	1.7.7.x
pivotal / cloud_foundry_elastic_runtime	1.7.1	1.7.1.x
pivotal / cloud_foundry_elastic_runtime	1.7.0	1.7.0.x
pivotal / cloud_foundry_elastic_runtime	1.7.2	1.7.2.x
pivotal / cloud_foundry_elastic_runtime	-	1.6.29.x
pivotal / cloud_foundry_elastic_runtime	1.7.4	1.7.4.x
pivotal / cloud_foundry_elastic_runtime	1.7.3	1.7.3.x

Vulnerability Database

289,784

CVE-2016-0928