Vulmon
Pivotal UAA vulnerabilities and exploits
445
VMScore
CVE-2018-11047
Cloud Foundry UAA, versions 4.19 before 4.19.2 and 4.12 before 4.12.4 and 4.10 before 4.10.2 and 4.7 before 4.7.6 and 4.5 before 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have ...
Pivotal Software Cloud Foundry Uaa
445
VMScore
CVE-2016-6636
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) prior to 242; UAA 2.x prior to 2.7.4.7, 3.x prior to 3.3.0.5, and 3.4.x prior to 3.4.4; UAA BOSH prior to 11.5 and 12.x prior to 12.5; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21, and 1.8.x prior to ...
Pivotal Software Cloud Foundry Ops Manager 1.7.12
Pivotal Software Cloud Foundry Ops Manager 1.7.5
Pivotal Software Cloud Foundry Ops Manager 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.39
Pivotal Software Cloud Foundry Elastic Runtime 1.6.38
Pivotal Software Cloud Foundry Elastic Runtime 1.6.30
Pivotal Software Cloud Foundry Elastic Runtime 1.6.29
Pivotal Software Cloud Foundry Elastic Runtime 1.6.21
Pivotal Software Cloud Foundry Elastic Runtime 1.6.20
Pivotal Software Cloud Foundry Elastic Runtime 1.6.12
Pivotal Software Cloud Foundry Elastic Runtime 1.6.11
Pivotal Software Cloud Foundry Elastic Runtime 1.6.3
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
Pivotal Software Cloud Foundry Elastic Runtime 1.7.16
Pivotal Software Cloud Foundry Elastic Runtime 1.7.15
Pivotal Software Cloud Foundry Elastic Runtime 1.7.8
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry Uaa 2.3.0
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.2
605
VMScore
CVE-2016-6637
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) prior to 242; UAA 2.x prior to 2.7.4.7, 3.x prior to 3.3.0.5, and 3.4.x prior to 3.4.4; UAA BOSH prior to 11.5 and 12.x prior to 12.5; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21,...
Pivotal Software Cloud Foundry Ops Manager 1.7.9
Pivotal Software Cloud Foundry Ops Manager 1.7.8
Pivotal Software Cloud Foundry Ops Manager 1.7.1
Pivotal Software Cloud Foundry Ops Manager 1.7.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.34
Pivotal Software Cloud Foundry Elastic Runtime 1.6.33
Pivotal Software Cloud Foundry Elastic Runtime 1.6.26
Pivotal Software Cloud Foundry Elastic Runtime 1.6.25
Pivotal Software Cloud Foundry Elastic Runtime 1.6.17
Pivotal Software Cloud Foundry Elastic Runtime 1.6.15
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.7.20
Pivotal Software Cloud Foundry Elastic Runtime 1.7.19
Pivotal Software Cloud Foundry Elastic Runtime 1.7.12
Pivotal Software Cloud Foundry Elastic Runtime 1.7.11
Pivotal Software Cloud Foundry Elastic Runtime 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime 1.7.3
Pivotal Software Cloud Foundry Elastic Runtime 1.7.2
Pivotal Software Cloud Foundry Uaa 2.5.1
Pivotal Software Cloud Foundry Uaa 2.6.1
Pivotal Software Cloud Foundry Uaa 3.0.1
383
VMScore
CVE-2019-3787
Cloud Foundry UAA, versions before 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors includin...
Pivotal Software Cloud Foundry Uaa-release
356
VMScore
CVE-2018-15754
Cloud Foundry UAA, versions 60 before 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able ...
Pivotal Software Cloud Foundry Uaa-release
356
VMScore
CVE-2019-11268
Cloud Foundry UAA versions before 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, cl...
Pivotal Software Cloud Foundry Uaa-release
383
VMScore
CVE-2016-0781
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions before 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript ...
Pivotal Software Cloud Foundry Elastic Runtime 1.6.3
Pivotal Software Cloud Foundry Elastic Runtime 1.6.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.19
Pivotal Software Cloud Foundry Uaa 3.0.0
Pivotal Software Cloud Foundry Uaa 3.0.1
Pivotal Software Cloud Foundry Uaa 3.1.0
Pivotal Software Cloud Foundry 219
Pivotal Software Cloud Foundry 220
Pivotal Software Cloud Foundry 221
Pivotal Software Cloud Foundry 222
Pivotal Software Login-server -
Cloudfoundry Cloud Foundry Uaa Bosh 6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.9
Pivotal Software Cloud Foundry Elastic Runtime 1.6.16
Pivotal Software Cloud Foundry Elastic Runtime 1.6.18
Pivotal Software Cloud Foundry Uaa 3.2.0
Pivotal Software Cloud Foundry 208
605
VMScore
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
668
VMScore
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
668
VMScore
CVE-2015-5172
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire password reset links.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa