Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry uaa release vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-3801
Cloud Foundry cf-deployment, versions before 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the compo...
Cloudfoundry Credhub
Cloudfoundry Cf-deployment
Cloudfoundry Uaa Release
9.8
CVSSv3
CVE-2018-11082
Cloud Foundry UAA, all versions before 4.20.0 and Cloud Foundry UAA Release, all versions before 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Pivotal Software Cloudfoundry Uaa Release
Pivotal Software Cloudfoundry Uaa
9.8
CVSSv3
CVE-2015-5172
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire password reset links.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2017-4992
An issue exists in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior...
Pivotal Software Cloud Foundry Uaa 3.6.10
Pivotal Software Cloud Foundry Uaa 2.7.4.15
Pivotal Software Cloud Foundry Uaa 3.6.6
Pivotal Software Cloud Foundry Uaa 3.6.4
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 2.7.4.13
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 3.6.9
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 2.7.4.3
Pivotal Software Cloud Foundry Uaa 2.7.4.5
Pivotal Software Cloud Foundry Uaa 2.7.4.7
Pivotal Software Cloud Foundry Uaa 2.7.4.12
Pivotal Software Cloud Foundry Uaa 2.7.4.16
Pivotal Software Cloud Foundry Uaa 3.6.2
Pivotal Software Cloud Foundry Uaa 3.6.5
Pivotal Software Cloud Foundry Uaa 3.6.7
Pivotal Software Cloud Foundry Uaa 3.6.8
8.8
CVSSv3
CVE-2019-11279
CF UAA versions before 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
Cloudfoundry Uaa Release
8.8
CVSSv3
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
8.8
CVSSv3
CVE-2015-5173
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage.&qu...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2016-0732
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 up to and including 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 up to and including 1.6.13 allows remote authenticated users with p...
Cloudfoundry Cf-release
Cloudfoundry User Account And Authentication 2.2.5.3
Cloudfoundry User Account And Authentication 2.4.1
Cloudfoundry User Account And Authentication 2.4.0
Cloudfoundry User Account And Authentication 2.3.1.1
Cloudfoundry User Account And Authentication 2.0.2
Cloudfoundry User Account And Authentication 2.0.1
Cloudfoundry User Account And Authentication 2.0.0
Cloudfoundry User Account And Authentication 2.7.3
Cloudfoundry User Account And Authentication 2.7.2
Cloudfoundry User Account And Authentication 2.7.0.3
Cloudfoundry User Account And Authentication 2.5.2
Cloudfoundry User Account And Authentication 2.5.0
Cloudfoundry User Account And Authentication 2.2.5.2
Cloudfoundry User Account And Authentication 2.3.0
Cloudfoundry User Account And Authentication 2.2.5
Cloudfoundry User Account And Authentication 2.2.1
Cloudfoundry User Account And Authentication 2.1.0
Cloudfoundry User Account And Authentication 2.7.0.1
Cloudfoundry User Account And Authentication 2.7.0
Cloudfoundry User Account And Authentication 2.6.2
Cloudfoundry User Account And Authentication 2.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »