Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2016-12-23T05:00:00

Updated: 2024-08-06T01:36:29.545Z

Reserved: 2016-08-10T00:00:00

Link: CVE-2016-6659

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-12-23T05:59:00.127

Modified: 2024-11-21T02:56:34.267

Link: CVE-2016-6659

cve-icon Redhat

No data.