Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-3777
Pivotal Application Service (PAS), versions 2.2.x before 2.2.12, 2.3.x before 2.3.7 and 2.4.x before 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS ...
Pivotal Software Application Service
6.4
CVSSv2
CVE-2019-3778
Spring Security OAuth, versions 2.3 before 2.3.5, and 2.2 before 2.2.4, and 2.1 before 2.1.4, and 2.0 before 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a requ...
Pivotal Software Spring Security Oauth
Oracle Banking Corporate Lending 14.1.0
Oracle Banking Corporate Lending 14.3.0
Oracle Banking Corporate Lending 14.4.0
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Batch
Pivotal Software Spring Batch 4.1.0
7.5
CVSSv2
CVE-2019-3773
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Web Services
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Financial Services Analytical Applications Infrastructure
5
CVSSv2
CVE-2019-3803
Pivotal Concourse, all versions before 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.
Pivotal Software Concourse
5.8
CVSSv2
CVE-2018-15798
Pivotal Concourse Release, versions 4.x before 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access t...
Pivotal Software Concourse
4
CVSSv2
CVE-2018-15754
Cloud Foundry UAA, versions 60 before 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able ...
Pivotal Software Cloud Foundry Uaa-release
3.3
CVSSv2
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to...
Pivotal Software Rabbitmq
1 Github repository
4
CVSSv2
CVE-2018-15797
Cloud Foundry NFS volume release, 1.2.x before 1.2.5, 1.5.x before 1.5.4, 1.7.x before 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud ...
Pivotal Software Cloud Foundry Nfs Volume
5
CVSSv2
CVE-2018-15759
Pivotal Cloud Foundry On Demand Services SDK, versions before 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and ga...
Pivotal Software Broker Api
Pivotal Software On Demand Services Sdk
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »