VIR Vulnerability Intelligence Relay

CVE-2016-6655

critical
Published 2017-06-13 · Modified 2026-05-13
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
7.5
VIR risk
9.8

Description

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security_alert@emc.com — https://www.cloudfoundry.org/cve-2016-6655/

Application impact
VendorProductVersionsFixed
cloudfoundrycf-mysql-release{"endIncluding":"30"}
cloudfoundrycf-release{"endIncluding":"244"}

References

CWEs

CWE-77

Verify integrity in audit chain (admin only). AS-IS.