Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software cloud foundry vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-11270
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes t...
Pivotal Software Operations Manager
Pivotal Software Application Service
Pivotal Software Cloud Foundry Uaa
6.5
CVSSv2
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
5
CVSSv2
CVE-2018-11047
Cloud Foundry UAA, versions 4.19 before 4.19.2 and 4.12 before 4.12.4 and 4.10 before 4.10.2 and 4.7 before 4.7.6 and 4.5 before 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have ...
Pivotal Software Cloud Foundry Uaa
4.3
CVSSv2
CVE-2019-3794
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Pivotal Software Cloud Foundry Uaa
4
CVSSv2
CVE-2019-11268
Cloud Foundry UAA version before 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, cl...
Pivotal Software Cloud Foundry Uaa-release
4.3
CVSSv2
CVE-2016-0715
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 up to and including 1.4.5, 1.5.0 up to and including 1.5.11 and 1.6.0 up to and including 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part...
Pivotal Software Cloud Foundry Elastic Runtime
4.3
CVSSv2
CVE-2016-0926
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.6.32 and 1.7.x prior to 1.7.8 allows remote malicious users to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS...
Pivotal Software Cloud Foundry Elastic Runtime
4
CVSSv2
CVE-2018-15797
Cloud Foundry NFS volume release, 1.2.x before 1.2.5, 1.5.x before 1.5.4, 1.7.x before 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud ...
Pivotal Software Cloud Foundry Nfs Volume
5
CVSSv2
CVE-2018-1264
Cloud Foundry Log Cache, versions before 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if ...
Pivotal Software Cloud Foundry Log Cache
4.3
CVSSv2
CVE-2019-3787
Cloud Foundry UAA, versions before 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors includin...
Pivotal Software Cloud Foundry Uaa-release
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »