cvedb.io
CVE-2016-4435
CRITICAL · CVSS 9
EPSS exploitation probability: 0%
Published 2017-05-25T17:29:00.677 · Last modified 2026-06-17T00:47:33.090

Summary

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

Affected products

pivotal — bosh_stemcell

Does this affect you?

Add your gear to cvedb and we'll alert you only when pivotal ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.