CVE-2016-6655

{"id": "CVE-2016-6655", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-06-13T06:29:00.190", "references": [{"url": "http://www.securityfocus.com/bid/93889", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://www.cloudfoundry.org/cve-2016-6655/", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}, {"lang": "es", "value": "Un problema fue descubierto en Cloud Foundry Foundation Cloud Foundry liberado en versiones anteriores a la v245 y cf-mysql liberado anterior a la v31. Una inyecci\u00f3n de comando fue descubierta en un script com\u00fan usado por varios componentes de Cloud Foundry. Un usuario malicioso podr\u00eda explotar numerosos vectores para ejecutar comando arbitrarios en servidores con Cloud Foundry ejecut\u00e1ndose."}], "lastModified": "2017-11-08T12:58:19.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-mysql-release:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "503F79C0-4F12-4AA0-8902-12217C476BBC", "versionEndIncluding": "30"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A9D6FC7-3CB5-4C15-A0F3-E64577C72EAB", "versionEndIncluding": "244"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}