{"id":"CVE-2016-6657","details":"An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.","modified":"2026-04-10T03:52:45.040842Z","published":"2016-12-16T09:59:00.277Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94126"},{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2016-6657"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"0"},{"last_affected":"585adc1bde0b242e204b6a6300e19ee5283c2bbe"},{"introduced":"0"},{"last_affected":"36efbc0bf6186a4abaf51c04e55cdb2d5e15091b"},{"introduced":"0"},{"last_affected":"3ce2a53c261790f5a4cbddff3dd4dcf4a82d69ac"},{"introduced":"0"},{"last_affected":"e6462b9089cbcd95b0c57d226fc16f49cd3ef3fc"},{"introduced":"0"},{"last_affected":"8a9ca90e103a2b5ddd4a0b04b9046e62c22fcc75"},{"introduced":"0"},{"last_affected":"ac69ac2ea93c6ae9d6a751adf03596a18fe0e9d5"},{"introduced":"0"},{"last_affected":"cba095870204fa62b1278163f99084e159ceb3a6"},{"introduced":"0"},{"last_affected":"e6462b9089cbcd95b0c57d226fc16f49cd3ef3fc"},{"introduced":"0"},{"last_affected":"8a9ca90e103a2b5ddd4a0b04b9046e62c22fcc75"},{"introduced":"0"},{"last_affected":"ac69ac2ea93c6ae9d6a751adf03596a18fe0e9d5"},{"introduced":"0"},{"last_affected":"cba095870204fa62b1278163f99084e159ceb3a6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.0"},{"introduced":"0"},{"last_affected":"1.7.1"},{"introduced":"0"},{"last_affected":"1.7.2"},{"introduced":"0"},{"last_affected":"1.8.0"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.0"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"}]}}],"versions":["1.0.1","1.0.3","1.1","1.1.1","1.1.2","1.2.0","1.2.6","1.4.0","1.4.1","1.4.2","1.4.3","1.4.5","1.4.6","1.4.7","1.5.0","1.5.2","1.5.2.1","1.5.3","1.5.4","1.5.4.1","1.6.0","1.6.1","1.6.2","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.8.2","1.8.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.14"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.15"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.16"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.17"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.18"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.12"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6657.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}]}