Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-5407
Spring Security versions 5.2.x before 5.2.4 and 5.3.x before 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response a...
Pivotal Software Spring Security
8.1
CVSSv3
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default...
Pivotal Software Spring Batch
9.8
CVSSv3
CVE-2019-3793
Pivotal Apps Manager Release, versions 665.0.x before 665.0.28, versions 666.0.x before 666.0.21, versions 667.0.x before 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization c...
Pivotal Software Application Service
5.9
CVSSv3
CVE-2018-11045
Pivotal Operations Manager, versions 2.1 before 2.1.6 and 2.0 before 2.0.15 and 1.12 before 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager ...
Pivotal Software Operations Manager
5.4
CVSSv3
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework prior to 3.2.2 does not properly escape certain characters, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a (1) line separator or...
Pivotal Software Spring Framework
8.8
CVSSv3
CVE-2018-11081
Pivotal Operations Manager, versions 2.2.x before 2.2.1, 2.1.x before 2.1.11, 2.0.x before 2.0.16, and 1.11.x before 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to t...
Pivotal Software Operations Manager
NA
CVE-2015-0862
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin prior to 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; ...
Pivotal Software Rabbitmq Management
5.4
CVSSv3
CVE-2019-3776
Pivotal Operations Manager, 2.1.x versions before 2.1.20, 2.2.x versions before 2.2.16, 2.3.x versions before 2.3.10, 2.4.x versions before 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interac...
Pivotal Software Operations Manager
5.4
CVSSv3
CVE-2019-3790
The Pivotal Ops Manager, 2.2.x versions before 2.2.23, 2.3.x versions before 2.3.16, 2.4.x versions before 2.4.11, and 2.5.x versions before 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session th...
Pivotal Software Operations Manager
6.7
CVSSv3
CVE-2020-5419
RabbitMQ versions 3.8.x before 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binar...
Pivotal Software Rabbitmq
Vmware Rabbitmq
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »