Pivotal Software: >> Cloud Foundry Elastic Runtime >> 1.6.4 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-09-18
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
CVSS Score
7.3
EPSS Score
0.001
Published
2016-09-18
Page 3