High severity8.1NVD Advisory· Published May 25, 2017· Updated Jun 17, 2026
CVE-2016-3084
CVE-2016-3084
Description
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.cloudfoundry.identity:cloudfoundry-identity-serverMaven | < 3.3.0.1 | 3.3.0.1 |
Affected products
7- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*Range: <=10
cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*range: <=236
- (no CPE)range: release v236 and earlier versions
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*Range: <=1.7.1
- cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-fm5c-2rwc-887wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-3084ghsaADVISORY
- pivotal.io/security/cve-2016-3084nvdVendor AdvisoryWEB
- github.com/cloudfoundry/uaa/commit/14350228989e2aee900b8d48a848293bb5152b6fghsaWEB
- github.com/cloudfoundry/uaa/commit/1d3ad7399d010f6a29dc3bf8139d792121301ab8ghsaWEB
- github.com/cloudfoundry/uaa/commit/460627ed419e4227b10ff121248b3ffc009011a9ghsaWEB
- github.com/cloudfoundry/uaa/commit/4a119d314744460ed56bcd740b2e913bf3f560c1ghsaWEB
- github.com/cloudfoundry/uaa/commit/5c2377487bef9d716d5c8e5717df1fc00bc7b000ghsaWEB
- github.com/cloudfoundry/uaa/commit/66132926f1bac0b878da5841be2f93fa5075d88fghsaWEB
- github.com/cloudfoundry/uaa/commit/b3834364ab573e9655348193780a56a602fe87b7ghsaWEB
News mentions
0No linked articles in our index yet.