Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
uaa bosh vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-3084
The UAA reset password flow in Cloud Foundry release v236 and previous versions versions, UAA release v3.3.0 and previous versions versions, all versions of Login-server, UAA release v10 and previous versions versions and Pivotal Elastic Runtime versions before 1.7.2 is vulnerabl...
Pivotal Software Login-server -
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry
6.8
CVSSv2
CVE-2018-11083
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be...
Cloud Foundry Bosh
4.3
CVSSv2
CVE-2016-0781
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions before 1.6.20 are vulnerable to an XSS attack by specifying malicious java script ...
Pivotal Software Cloud Foundry Elastic Runtime 1.6.3
Pivotal Software Cloud Foundry Elastic Runtime 1.6.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.19
Pivotal Software Cloud Foundry Uaa 3.0.0
Pivotal Software Cloud Foundry Uaa 3.0.1
Pivotal Software Cloud Foundry Uaa 3.1.0
Pivotal Software Cloud Foundry 219
Pivotal Software Cloud Foundry 220
Pivotal Software Cloud Foundry 221
Pivotal Software Cloud Foundry 222
Pivotal Software Login-server -
Cloudfoundry Cloud Foundry Uaa Bosh 6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.9
Pivotal Software Cloud Foundry Elastic Runtime 1.6.16
Pivotal Software Cloud Foundry Elastic Runtime 1.6.18
Pivotal Software Cloud Foundry Uaa 3.2.0
Pivotal Software Cloud Foundry 208
4
CVSSv2
CVE-2020-5422
BOSH System Metrics Server releases before 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
Cloud Foundry Bosh System Metrics Server
6.8
CVSSv2
CVE-2017-4963
An issue exists in Cloud Foundry Foundation Cloud Foundry release v252 and previous versions versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to auth...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa-release
Pivotal Software Cloud Foundry Cf-release
1 Github repository
5
CVSSv2
CVE-2016-6636
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) prior to 242; UAA 2.x prior to 2.7.4.7, 3.x prior to 3.3.0.5, and 3.4.x prior to 3.4.4; UAA BOSH prior to 11.5 and 12.x prior to 12.5; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21, and 1.8.x prior to ...
Pivotal Software Cloud Foundry Ops Manager 1.7.12
Pivotal Software Cloud Foundry Ops Manager 1.7.5
Pivotal Software Cloud Foundry Ops Manager 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.39
Pivotal Software Cloud Foundry Elastic Runtime 1.6.38
Pivotal Software Cloud Foundry Elastic Runtime 1.6.30
Pivotal Software Cloud Foundry Elastic Runtime 1.6.29
Pivotal Software Cloud Foundry Elastic Runtime 1.6.21
Pivotal Software Cloud Foundry Elastic Runtime 1.6.20
Pivotal Software Cloud Foundry Elastic Runtime 1.6.12
Pivotal Software Cloud Foundry Elastic Runtime 1.6.11
Pivotal Software Cloud Foundry Elastic Runtime 1.6.3
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
Pivotal Software Cloud Foundry Elastic Runtime 1.7.16
Pivotal Software Cloud Foundry Elastic Runtime 1.7.15
Pivotal Software Cloud Foundry Elastic Runtime 1.7.8
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry Uaa 2.3.0
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.2
6.8
CVSSv2
CVE-2016-6637
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) prior to 242; UAA 2.x prior to 2.7.4.7, 3.x prior to 3.3.0.5, and 3.4.x prior to 3.4.4; UAA BOSH prior to 11.5 and 12.x prior to 12.5; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21,...
Pivotal Software Cloud Foundry Ops Manager 1.7.9
Pivotal Software Cloud Foundry Ops Manager 1.7.8
Pivotal Software Cloud Foundry Ops Manager 1.7.1
Pivotal Software Cloud Foundry Ops Manager 1.7.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.34
Pivotal Software Cloud Foundry Elastic Runtime 1.6.33
Pivotal Software Cloud Foundry Elastic Runtime 1.6.26
Pivotal Software Cloud Foundry Elastic Runtime 1.6.25
Pivotal Software Cloud Foundry Elastic Runtime 1.6.17
Pivotal Software Cloud Foundry Elastic Runtime 1.6.15
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.7.20
Pivotal Software Cloud Foundry Elastic Runtime 1.7.19
Pivotal Software Cloud Foundry Elastic Runtime 1.7.12
Pivotal Software Cloud Foundry Elastic Runtime 1.7.11
Pivotal Software Cloud Foundry Elastic Runtime 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime 1.7.3
Pivotal Software Cloud Foundry Elastic Runtime 1.7.2
Pivotal Software Cloud Foundry Uaa 2.5.1
Pivotal Software Cloud Foundry Uaa 2.6.1
Pivotal Software Cloud Foundry Uaa 3.0.1
6.5
CVSSv2
CVE-2016-4468
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) prior to 238; UAA 2.x prior to 2.7.4.4, 3.x prior to 3.3.0.2, and 3.4.x prior to 3.4.1; UAA BOSH prior to 11.2 and 12.x prior to 12.2; Elastic Runtime prior to 1.6.29 and 1.7.x prior to 1.7.7; and Ops Manager 1.7.x prior ...
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry
Pivotal Software Cloud Foundry Elastic Runtime 1.8.0
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Elastic Runtime 1.6.13
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.7.1
Pivotal Software Cloud Foundry Ops Manager 1.7.3
Pivotal Software Cloud Foundry Ops Manager 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.9
Pivotal Software Cloud Foundry Elastic Runtime 1.6.22
Pivotal Software Cloud Foundry Elastic Runtime 1.6.14
Pivotal Software Cloud Foundry Elastic Runtime 1.6.25
Pivotal Software Cloud Foundry Elastic Runtime 1.6.17
Pivotal Software Cloud Foundry Elastic Runtime 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.10
Pivotal Software Cloud Foundry Elastic Runtime 1.6.0
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.20
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
6.5
CVSSv2
CVE-2016-6651
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) prior to 243; UAA 2.x prior to 2.7.4.8, 3.x prior to 3.3.0.6, and 3.4.x prior to 3.4.5; UAA BOSH prior to 11.7 and 12.x prior to 12.6; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21, and 1.8.x prior to 1.8.2; an...
Pivotal Software Cloud Foundry Ops Manager 1.7.7
Pivotal Software Cloud Foundry Ops Manager 1.7.6
Pivotal Software Cloud Foundry Ops Manager 1.8.0
Pivotal Software Cloud Foundry Elastic Runtime 1.8.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.33
Pivotal Software Cloud Foundry Elastic Runtime 1.6.32
Pivotal Software Cloud Foundry Elastic Runtime 1.6.31
Pivotal Software Cloud Foundry Elastic Runtime 1.6.23
Pivotal Software Cloud Foundry Elastic Runtime 1.6.22
Pivotal Software Cloud Foundry Elastic Runtime 1.6.14
Pivotal Software Cloud Foundry Elastic Runtime 1.6.13
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.4
Pivotal Software Cloud Foundry Elastic Runtime 1.7.18
Pivotal Software Cloud Foundry Elastic Runtime 1.7.17
Pivotal Software Cloud Foundry Elastic Runtime 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime 1.7.9
Pivotal Software Cloud Foundry Elastic Runtime 1.7.1
Pivotal Software Cloud Foundry Elastic Runtime 1.7.0
Pivotal Software Cloud Foundry Ops Manager 1.7.11
Pivotal Software Cloud Foundry Ops Manager 1.7.10
Pivotal Software Cloud Foundry Ops Manager 1.7.3
6
CVSSv2
CVE-2020-5414
VMware Tanzu Application Service for VMs (2.7.x versions before 2.7.19, 2.8.x versions before 2.8.13, and 2.9.x versions before 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredac...
Vmware Tanzu Application Service For Virtual Machines
Vmware Operations Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2