CVE-2016-0883

EUVD-2016-0894
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score percentile: 36%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| pivotal_software | operations_manager | 𝑥 ≤ 1.5.13 |
| pivotal_software | operations_manager | 1.6.0 |
| pivotal_software | operations_manager | 1.6.1 |
| pivotal_software | operations_manager | 1.6.2 |
| pivotal_software | operations_manager | 1.6.3 |
| pivotal_software | operations_manager | 1.6.4 |
| pivotal_software | operations_manager | 1.6.5 |
| pivotal_software | operations_manager | 1.6.6 |
| pivotal_software | operations_manager | 1.6.7 |
| pivotal_software | operations_manager | 1.6.8 |

𝑥 = Vulnerable software versions