4 vulnerabilities found for gemfire_for_pivotal_cloud_foundry by pivotal_software
CVE-2016-9880 (GCVE-0-2016-9880)
Vulnerability from nvd – Published: 2018-03-16 20:00 – Updated: 2024-09-16 19:31
VLAI
Summary
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
Severity
No CVSS data available.
CWE
- Unauthenticated access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2016-9880 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96146 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | GemFire broker for Cloud Foundry | Affected: 1.6.x versions prior to 1.6.5; Affected: 1.7.x versions prior to 1.7.1 | |
Date Public
2017-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-9880"
},
{
"name": "96146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GemFire broker for Cloud Foundry",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "1.6.x versions prior to 1.6.5"
},
{
"status": "affected",
"version": "1.7.x versions prior to 1.7.1"
}
]
}
],
"datePublic": "2017-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-17T09:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-9880"
},
{
"name": "96146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2017-02-09T00:00:00",
"ID": "CVE-2016-9880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GemFire broker for Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "1.6.x versions prior to 1.6.5"
},
{
"version_value": "1.7.x versions prior to 1.7.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-9880",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-9880"
},
{
"name": "96146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9880",
"datePublished": "2018-03-16T20:00:00.000Z",
"dateReserved": "2016-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:47.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9885 (GCVE-0-2016-9885)
Vulnerability from nvd – Published: 2017-01-06 22:00 – Updated: 2024-08-06 03:07
VLAI
Summary
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.
Severity
No CVSS data available.
CWE
- gfsh exposed over go router for GemFire for PCF
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95270 | vdb-entry, x_refsource_BID |
| https://pivotal.io/security/cve-2016-9885 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1 | Affected: GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1 | |
Date Public
2017-01-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95270",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-9885"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1"
}
]
}
],
"datePublic": "2017-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "gfsh exposed over go router for GemFire for PCF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "95270",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-9885"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1",
"version": {
"version_data": [
{
"version_value": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "gfsh exposed over go router for GemFire for PCF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95270"
},
{
"name": "https://pivotal.io/security/cve-2016-9885",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-9885"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9885",
"datePublished": "2017-01-06T22:00:00.000Z",
"dateReserved": "2016-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:30.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9880 (GCVE-0-2016-9880)
Vulnerability from cvelistv5 – Published: 2018-03-16 20:00 – Updated: 2024-09-16 19:31
VLAI
Summary
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
Severity
No CVSS data available.
CWE
- Unauthenticated access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2016-9880 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96146 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | GemFire broker for Cloud Foundry | Affected: 1.6.x versions prior to 1.6.5; Affected: 1.7.x versions prior to 1.7.1 | |
Date Public
2017-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-9880"
},
{
"name": "96146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GemFire broker for Cloud Foundry",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "1.6.x versions prior to 1.6.5"
},
{
"status": "affected",
"version": "1.7.x versions prior to 1.7.1"
}
]
}
],
"datePublic": "2017-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-17T09:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-9880"
},
{
"name": "96146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2017-02-09T00:00:00",
"ID": "CVE-2016-9880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GemFire broker for Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "1.6.x versions prior to 1.6.5"
},
{
"version_value": "1.7.x versions prior to 1.7.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-9880",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-9880"
},
{
"name": "96146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9880",
"datePublished": "2018-03-16T20:00:00.000Z",
"dateReserved": "2016-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:47.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9885 (GCVE-0-2016-9885)
Vulnerability from cvelistv5 – Published: 2017-01-06 22:00 – Updated: 2024-08-06 03:07
VLAI
Summary
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.
Severity
No CVSS data available.
CWE
- gfsh exposed over go router for GemFire for PCF
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95270 | vdb-entry, x_refsource_BID |
| https://pivotal.io/security/cve-2016-9885 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1 | Affected: GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1 | |
Date Public
2017-01-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95270",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-9885"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1"
}
]
}
],
"datePublic": "2017-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "gfsh exposed over go router for GemFire for PCF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "95270",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-9885"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1",
"version": {
"version_data": [
{
"version_value": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "gfsh exposed over go router for GemFire for PCF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95270"
},
{
"name": "https://pivotal.io/security/cve-2016-9885",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-9885"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9885",
"datePublished": "2017-01-06T22:00:00.000Z",
"dateReserved": "2016-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:30.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}