pivotal application service vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-3793
Pivotal Apps Manager Release, versions 665.0.x before 665.0.28, versions 666.0.x before 666.0.21, versions 667.0.x before 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization c...
Pivotal Software Application Service
9.8
CVSSv3
CVE-2019-3777
Pivotal Application Service (PAS), versions 2.2.x before 2.2.12, 2.3.x before 2.3.7 and 2.4.x before 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS ...
Pivotal Software Application Service
9.8
CVSSv3
CVE-2016-9885
An issue exists in Pivotal GemFire for PCF 1.6.x versions before 1.6.5 and 1.7.x versions before 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communicati...
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.7.0.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.4.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.3.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.2
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.1
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.0.0
8.8
CVSSv3
CVE-2019-11280
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x before 2.3.18, 2.4.x before 2.4.14, 2.5.x before 2.5.10, and 2.6.x before 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated us...
Pivotal Software Pivotal Application Service
8.8
CVSSv3
CVE-2018-15763
Pivotal Container Service, versions before 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentia...
Pivotal Software Pivotal Container Service
8.8
CVSSv3
CVE-2018-11088
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 before 2.0.21 and 2.1 before 2.1.13 and 2.2 before 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which con...
Pivotal Software Pivotal Application Service
8.8
CVSSv3
CVE-2018-11086
Pivotal Usage Service in Pivotal Application Service, versions 2.0 before 2.0.21 and 2.1 before 2.1.13 and 2.2 before 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains t...
Pivotal Software Pivotal Application Service
8.8
CVSSv3
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Pivotal Software Spring Security
Vmware Spring Framework 5.0.5
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.4
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Testing Suite 10.1
Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Big Data Discovery 1.6.0
Oracle Communications Converged Application Server
Oracle Communications Diameter Signaling Router
Oracle Communications Network Integrity
Oracle Communications Performance Intelligence Center
Oracle Communications Services Gatekeeper
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Enterprise Manager For Mysql Database 13.2
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.3
7.8
CVSSv3
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is t...
Pivotal Cloud Foundry Deployment Concourse Tasks
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Smoke Test
Pivotal Cloud Foundry Routing Release
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Command Line Interface Release
Pivotal Cloud Foundry Log Cache Release
Pivotal Cloud Foundry Networking Release
Pivotal Cloud Foundry Command Line Interface
Pivotal Cloud Foundry Healthwatch
Pivotal Credhub Service Broker For Pcf
Pivotal Metric Registrar Release
Pivotal On Demand Service Broker
Pivotal Application Service
Pivotal Cloud Foundry Autoscaling Release
Pivotal Pivotal Cloud Foundry Service Broker
Pivotal Single Sign-on
Pivotal Cloud Foundry Event Alerts
Appdynamics Platform Montioring
Bluemedora Nozzle
Contrastsecurity Service Broker
Cyberark Conjur Service Broker
7.5
CVSSv3
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP ...
Pivotal Reactor Netty