How severe is CVE-2016-3084?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2016-3084?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2016-3084 - HIGH Severity | CVSS 8.1

Vulnerability Description

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Related Vulnerabilities

CVE-2013-7202

HIGH

CVSS:8.1(High)

The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.

CWE-2642013

CVE-2016-0036

HIGH

CVSS:8.1(High)

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code vi...

CWE-2642016

CVE-2016-0915

HIGH

CVSS:8.1(High)

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an ar...

CWE-2642016

CVE-2016-10086

HIGH

CVSS:8.1(High)

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions a...

CWE-2642016

CVE-2016-10116

HIGH

CVSS:8.1(High)

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adje...

CWE-2642016

CVE-2016-1290

HIGH

CVSS:8.1(High)

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain...

CWE-2642016