{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2016-0928"}, {"name": "91550", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91550"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-0928", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2016-0928", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2016-0928"}, {"name": "91550", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91550"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-0928", "datePublished": "2016-09-18T01:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2016-11-25T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "85199F7E-AE24-415F-B2B6-9839367AF006", "versionEndIncluding": "1.6.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D459191E-DE3B-4F17-9F69-FFF3D000ADD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8943CF5B-DA24-4FF3-92B2-43EFE963B59E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "45076F48-C883-4334-95EE-F00266D9EBA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "40D1DC46-1AD9-429F-A4D8-875D9B4B18BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "7B0ACEB5-8D35-426B-B911-E04ACFC09B09", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C00AC47-7617-42AB-9403-A7494DDB94CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D0A39E28-6AF2-42DA-BC0F-857D835D9BF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "12D89F4D-16EB-4F51-B64E-7E79DCC6E8CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a 1.6.30 y 1.7.x en versiones anteriores a 1.7.8 permite a atacantes remotos redireccionar usuarios a sitios web arbitrarios y llevar a cabo ataques phishing a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-0928", "lastModified": "2016-11-28T19:56:08.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-18T02:59:08.997", "references": [{"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/91550"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-0928"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}