CVE-2016-0781 in Pivotal Software and Cloudfoundry Products
Published on May 25, 2017

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

NVD

Products Associated with CVE-2016-0781

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-0781 are published in these products:

Pivotal Software Cloud Foundry Elastic Runtime

Pivotal Software Cloud Foundry Uaa

Pivotal Software Cloud Foundry

Pivotal Software Login Server

Cloudfoundry Cloud Foundry Uaa Bosh

Affected Versions

Pivotal Cloud Foundry:

Version v208 to v231 is affected.
Version Login-server v1.6 to v1.14 is affected.
Version UAA v2.0.0 to v2.7.4.1 is affected.
Version UAA v3.0.0 to v3.2.0 is affected.
Version UAA-Release v2 to v7 is affected.
Version Elastic Runtime 1.6.x versions prior to 1.6.20 is affected.

Exploit Probability

EPSS

0.27%

Percentile

49.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-0781 in Pivotal Software and Cloudfoundry ProductsPublished on May 25, 2017

Products Associated with CVE-2016-0781

Affected Versions

Exploit Probability

CVE-2016-0781 in Pivotal Software and Cloudfoundry Products
Published on May 25, 2017