CVE-2016-6657 PCF Open Redirects
Severity
High
Vendor
Pivotal
Description
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- PCF Elastic Runtime 1.8.x versions prior to 1.8.12
- PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10
Mitigation
Users of affected versions should apply the following mitigation:
- Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later
- Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later
Credit
This vulnerability was responsibly reported by Lenu Galardi.