CVE-2016-0883

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
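
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|----------|------|------------|-------------|-----------------|----------------|--------|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| dell | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
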
EPSS Score percentile: 37%

| Vendor | Product | Version |
|--------|---------|---------|
| pivotal_software | operations_manager | 𝑥 ≤ 1.5.13 |
| pivotal_software | operations_manager | 1.6.0 |
| pivotal_software | operations_manager | 1.6.1 |
| pivotal_software | operations_manager | 1.6.2 |
| pivotal_software | operations_manager | 1.6.3 |
| pivotal_software | operations_manager | 1.6.4 |
| pivotal_software | operations_manager | 1.6.5 |
| pivotal_software | operations_manager | 1.6.6 |
| pivotal_software | operations_manager | 1.6.7 |
| pivotal_software | operations_manager | 1.6.8 |

𝑥 = Vulnerable software versions