CVE-2016-9880 Unauthenticated access to GemFire for PCF broker endpoints
The GemFire broker for Cloud Foundry has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
Affected VMware Products and Versions
- GemFire for PCF:
  - 1.6.x versions prior to 1.6.5
  - 1.7.x versions prior to 1.7.1
Users of affected versions should apply the following mitigation:
- Upgrade GemFire for PCF:
  - 1.6.x versions to 1.6.5 or later
  - 1.7.x versions to 1.7.1 or later
Please note: GemFire for PCF is not available to all users. Please see the download instructions on Pivotal Network for more information.
This issue was responsibly reported by the GemFire for PCF team.
2017-02-09: Initial vulnerability report published