Critical severity9.0NVD Advisory· Published May 25, 2017· Updated Jun 17, 2026
CVE-2016-4435
CVE-2016-4435
Description
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.
Affected products
4cpe:2.3:a:pivotal:bosh_stemcell:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pivotal:bosh_stemcell:*:*:*:*:*:*:*:*range: <=3232.4
- cpe:2.3:a:pivotal:bosh_stemcell:3146.13:*:*:*:*:*:*:*
- Range: <3232.6, <3146.13
- Range: BOSH stemcell versions prior to 3232.6 and 3146.13
Patches
Vulnerability mechanics
References
1- pivotal.io/security/cve-2016-4435nvdThird Party Advisory
News mentions
0No linked articles in our index yet.