All Vulnerability Reports

CVE-2016-9882 Cloud Foundry Logs Service Credentials


Severity

Medium

References

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • PCF Elastic Runtime:
    • 1.6.x versions prior to 1.6.59
    • 1.7.x versions prior to 1.7.40
    • 1.8.x versions prior to 1.8.21
    • Pre-release 1.9.x versions prior to 1.9.0

Mitigation

Users of affected versions should apply the following mitigation:

  • OSS users should follow the mitigations listed here.
  • PCF Elastic Runtime:
    • Upgrade 1.6.x versions to 1.6.59 or later
    • Upgrade 1.7.x versions to 1.7.40 or later
    • Upgrade 1.8.x versions to 1.8.21 or later
    • Upgrade any pre-release versions of 1.9.x to 1.9.0
  • If you were forwarding CC logs via an unsecured connection, service binding credentials should be rotated and it is recommended to only forward syslog using a secure connection.