{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T08:38:04.689","vulnerabilities":[{"cve":{"id":"CVE-2016-0781","sourceIdentifier":"security_alert@emc.com","published":"2017-05-25T17:29:00.553","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions."},{"lang":"es","value":"Las páginas de aprobación OAuth de UAA en Cloud Foundry versiones v208 hasta v231, Login-server versiones  v1.6 hasta v1.14, UAA versiones v2.0.0 hasta v2.7.4.1, UAA versiones v3.0.0 hasta v3.2.0, UAA-Release versiones v2 hasta v7 y Pivotal Elastic Runtime versiones 1.6.x anteriores a 1.6.20, son vulnerables a un ataque de tipo XSS mediante especificación de contenido de script java malicioso en los ámbitos OAuth (grupos SCIM) o descripciones de grupo SCIM."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*","matchCriteriaId":"0B26A4D4-761B-417C-B88F-525F50A06E6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*","matchCriteriaId":"B74EB16D-F061-4CD8-A37D-24FAC9CE22C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*","matchCriteriaId":"92741034-1A45-4B1A-8444-3488CA46EC0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*","matchCriteriaId":"E716295D-4C12-48CD-816F-ADC4920863E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*","matchCriteriaId":"2D0181FC-AD4C-4E4E-9F52-6B12E4370780"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*","matchCriteriaId":"07524E58-F47F-46E5-BF63-B1F11B193F97"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*","matchCriteriaId":"21CE9A23-D596-4C33-AD29-51AFB35A53BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*","matchCriteriaId":"68E4680C-235B-4DF3-B395-FC844F21B7E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*","matchCriteriaId":"10BBBDE6-72E0-4A36-AE57-85BFF7A03137"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*","matchCriteriaId":"2CE52DC3-D982-4E81-AAD7-7CA9AB756AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*","matchCriteriaId":"719F9D8D-704E-4883-A932-652999074E1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*","matchCriteriaId":"AFB58BDC-9916-48F8-83BE-EDFE00835738"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*","matchCriteriaId":"51073766-5A57-4F50-AF35-3AD0041D2B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*","matchCriteriaId":"5E0CA70B-BD79-4CB2-AFDC-D89981993CBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*","matchCriteriaId":"C4179C04-0EFB-43E5-B690-E516C6F0634B"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*","matchCriteriaId":"3770814F-FC94-467E-ACF4-89A9239B4893"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*","matchCriteriaId":"ED374619-C2CE-4E74-BDE2-0B39D7C8A1E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*","matchCriteriaId":"A1939DBF-E885-4CF1-9FF8-296A6ED1F241"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*","matchCriteriaId":"CF5ED010-699D-48DE-AA2F-57E6CE682AF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*","matchCriteriaId":"68FE1621-874C-41F6-9A27-4C3E5F22C3A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*","matchCriteriaId":"82D4B35F-F760-4B6C-B289-411155CA6876"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*","matchCriteriaId":"0C172BAC-2766-4B37-A19A-2EB25C68C38F"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*","matchCriteriaId":"1A10DC4A-5682-476E-8A1C-8829D05FF248"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*","matchCriteriaId":"DBF25D96-83C1-4D0D-A1F1-7D5805AB4EC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*","matchCriteriaId":"94473ECC-E916-4670-AB94-8EF3F4450643"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*","matchCriteriaId":"89D4528D-6644-44B0-B5AB-FB4480839EA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*","matchCriteriaId":"96AD7EC1-0490-4513-A5C1-6FCB0470529B"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*","matchCriteriaId":"744A61DF-A49E-4931-8DF1-21EB3AC56208"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*","matchCriteriaId":"4D62EEBF-B07C-4838-BDCC-DB3F2D4CF6F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*","matchCriteriaId":"03D7EDBF-808E-4D12-AA77-A0720F08EB4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*","matchCriteriaId":"FF6B386F-3363-45CE-8F6A-91FEA00D0E82"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CC5918-BC38-46E3-8000-5FE87A65C0E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"36926681-35F4-4619-9613-155DEEEA3C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*","matchCriteriaId":"41FF3C2B-E96F-4DF7-A5C4-703206CB729E"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CB3C2D-3080-4A3D-8D8D-1381B5D98920"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*","matchCriteriaId":"782781EB-147C-4B00-84C5-1D8443BFA2D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*","matchCriteriaId":"35A56755-EEB2-4C93-B180-3918A36965AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*","matchCriteriaId":"E4009F10-08AF-470B-B903-38B8A6DBF332"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*","matchCriteriaId":"2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*","matchCriteriaId":"790DAB24-893A-463F-8358-171DACD75074"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*","matchCriteriaId":"3645A1A8-4945-447F-A968-101D5938F9C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*","matchCriteriaId":"0E52C9B9-8F94-48D8-ADA6-96918F6AAD36"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*","matchCriteriaId":"3948FC2F-AF3B-4AF3-968D-F124D03A213A"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*","matchCriteriaId":"4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*","matchCriteriaId":"7B414F88-6541-48C6-B9D6-4DDA035A0037"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*","matchCriteriaId":"66235C7F-D5EE-4989-8D24-6D0781954234"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*","matchCriteriaId":"12E75B49-2419-4313-A648-B5283DA620E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*","matchCriteriaId":"EED70273-3FB2-4652-9AA2-10E2E9D581DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*","matchCriteriaId":"A2C07910-C462-46C1-83CB-39B3FD8D25BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*","matchCriteriaId":"C6B9243E-31EF-48AB-BAB5-CCC3704A219F"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*","matchCriteriaId":"2BCB1D4B-F44C-41A1-90CA-62FD37003A1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.4.1","matchCriteriaId":"002CACDF-D085-44B6-BE47-6FB61F1EB0D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"03D97B63-F59C-47FD-9919-3B543F0C4BE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2BF268FB-5CAA-4441-A5EA-F65080A65815"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"597CA1EF-4E57-4676-B772-239EFB684C5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*","matchCriteriaId":"60348882-C48C-434B-B311-A157E3BFC833"}]}]}],"references":[{"url":"https://pivotal.io/security/cve-2016-0781","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://pivotal.io/security/cve-2016-0781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}