{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T00:41:54.139","vulnerabilities":[{"cve":{"id":"CVE-2016-6659","sourceIdentifier":"security_alert@emc.com","published":"2016-12-23T05:59:00.127","lastModified":"2026-05-06T22:30:45.220","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider."},{"lang":"es","value":"Cloud Foundry en versiones anteriores a 248; UAA 2.x en versiones anteriores a 2.7.4.12, 3.x en versiones anteriores a 3.6.5 y 3.7.x hasta la versión 3.9.x en versiones anteriores a 3.9.3 y UAA bosh release (también conocido como uaa-release) en versiones anteriores a 13.9 para UAA 3.6.5 y en versiones anteriores a 24 para UAA 3.9.3 permite a atacantes remotos obtener privilegios para obtener acceso y acceder a los registros y posteriormente ejecutar una aplicación especialmente manipulada que interactúa con la configuración SAML del 
proveedor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*","versionEndIncluding":"23.0","matchCriteriaId":"EA176FBC-ED83-49F2-A8C1-E7A08CFDA552"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*","versionEndIncluding":"247.0","matchCriteriaId":"545DF4D2-D454-4C1E-B5AA-38D49F6265EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*","versionEndIncluding":"3.9.2","matchCriteriaId":"C38ABEEC-34D8-4E72-95D8-4C5F0BCB7E0D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95085","source":"security_alert@emc.com"},{"url":"https://www.cloudfoundry.org/cve-2016-6659/","source":"security_alert@emc.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95085","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cloudfoundry.org/cve-2016-6659/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}