Vulmon
cloud foundry vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-20885
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions before 63; SMB-volume release: All versions before 3.1.19; cf-nfs-volume release: 5.0.X versions before 5.0.27, 7.1.X...
Pivotal Cloud Foundry Smb Volume
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Nfs Volume
8.1
CVSSv3
CVE-2016-6659
Cloud Foundry prior to 248; UAA 2.x prior to 2.7.4.12, 3.x prior to 3.6.5, and 3.7.x up to and including 3.9.x prior to 3.9.3; and UAA bosh release (aka uaa-release) prior to 13.9 for UAA 3.6.5 and prior to 24 for UAA 3.9.3 allow malicious users to gain privileges by accessing UA...
Pivotal Software Cloud Foundry
Pivotal Software Cloud Foundry Uaa
Cloudfoundry Cloud Foundry Uaa Bosh
8.1
CVSSv3
CVE-2016-3084
The UAA reset password flow in Cloud Foundry release v236 and previous versions, UAA release v3.3.0 and previous versions, all versions of Login-server, UAA release v10 and previous versions and Pivotal Elastic Runtime versions before 1.7.2 is vulnerabl...
Pivotal Software Cloud Foundry
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Login-server -
Cloudfoundry Cloud Foundry Uaa Bosh
8.1
CVSSv3
CVE-2017-4963
An issue exists in Cloud Foundry Foundation Cloud Foundry release v252 and previous versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to auth...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Cf-release
Pivotal Software Cloud Foundry Uaa-release
1 Github repository
9.8
CVSSv3
CVE-2016-9885
An issue exists in Pivotal GemFire for PCF 1.6.x versions before 1.6.5 and 1.7.x versions before 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communicati...
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.1
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.7.0.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.0.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.4.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.2
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.3.0
7.5
CVSSv3
CVE-2023-34061
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Routing Release
6.1
CVSSv3
CVE-2017-8041
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.3
6.5
CVSSv3
CVE-2017-8040
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3, an XXE (XML External Entity) attack exists in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data o...
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.3
6.1
CVSSv3
CVE-2018-11041
Cloud Foundry UAA, versions later than 4.6.0 and before 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, all...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa-release
6.1
CVSSv3
CVE-2017-8044
In Pivotal Single Sign-On for PCF (1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2