Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-3790
The Pivotal Ops Manager, 2.2.x versions before 2.2.23, 2.3.x versions before 2.3.16, 2.4.x versions before 2.4.11, and 2.5.x versions before 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session th...
Pivotal Software Operations Manager
9.8
CVSSv3
CVE-2019-3793
Pivotal Apps Manager Release, versions 665.0.x before 665.0.28, versions 666.0.x before 666.0.21, versions 667.0.x before 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization c...
Pivotal Software Application Service
NA
CVE-2015-0862
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin prior to 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; ...
Pivotal Software Rabbitmq Management
8.1
CVSSv3
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default...
Pivotal Software Spring Batch
5.4
CVSSv3
CVE-2019-11276
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x before 2.3.16, 2.4.x before 2.4.12, 2.5.x before 2.5.8, and 2.6.x before 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjac...
Pivotal Software Application Service
6.5
CVSSv3
CVE-2019-11292
Pivotal Ops Manager, versions 2.4.x before 2.4.27, 2.5.x before 2.5.24, 2.6.x before 2.6.16, and 2.7.x before 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as w...
Pivotal Software Operations Manager
NA
CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x prior to 3.2.9 and 4.0 prior to 4.0.5 allows remote malicious users to read arbitrary files via a crafted URL.
Pivotal Software Spring Framework
5.9
CVSSv3
CVE-2018-11045
Pivotal Operations Manager, versions 2.1 before 2.1.6 and 2.0 before 2.0.15 and 1.12 before 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager ...
Pivotal Software Operations Manager
8.8
CVSSv3
CVE-2018-11081
Pivotal Operations Manager, versions 2.2.x before 2.2.1, 2.1.x before 2.1.11, 2.0.x before 2.0.16, and 1.11.x before 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to t...
Pivotal Software Operations Manager
6.1
CVSSv3
CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been...
Pivotal Software Spring Batch Admin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »