VYPR
High severity8.1NVD Advisory· Published May 25, 2017· Updated Jun 17, 2026

CVE-2016-3084

CVE-2016-3084

Description

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.cloudfoundry.identity:cloudfoundry-identity-serverMaven
< 3.3.0.13.3.0.1

Affected products

7

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.