pivotal software vulnerabilities and exploits
CVSSv3: 6.5
CVE-2018-1276
Windows 2012R2 stemcells, versions before 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.
Pivotal Software Windows Stemcells
CVSSv3: 7.2
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, g...
Pivotal Software Cloud Foundry Uaa 4.13.2
Pivotal Software Cloud Foundry Uaa 4.13.3
Pivotal Software Cloud Foundry Uaa 4.13.1
Pivotal Software Cloud Foundry Uaa 4.12.1
Pivotal Software Cloud Foundry Uaa 4.13.4
Pivotal Software Cloud Foundry Uaa 4.12.0
Pivotal Software Cloud Foundry Uaa 4.13.0
Pivotal Software Cloud Foundry Uaa 4.12.2
Pivotal Software Cloud Foundry Uaa-release 57.1
Pivotal Software Cloud Foundry Uaa-release 58
Pivotal Software Cloud Foundry Uaa-release 57
Cloudfoundry Cf-deployment
CVSSv3: 7.5
CVE-2018-1280
Pivotal Greenplum Command Center versions 2.x before 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.
Pivotal Software Greenplum Command Center
CVSSv3: 9.8
CVE-2018-1260
Spring Security OAuth, versions 2.3 before 2.3.3, 2.2 before 2.2.2, 2.1 before 2.1.2, 2.0 before 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint tha...
Pivotal Software Spring Security Oauth
CVSSv3: 6.5
CVE-2018-1278
Apps Manager included in Pivotal Application Service, versions 1.12.x before 1.12.22, 2.0.x before 2.0.13, and 2.1.x before 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discov...
Pivotal Software Pivotal Application Service
CVSSv3: 8.8
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Pivotal Software Spring Security
Vmware Spring Framework 5.0.5
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.4
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Testing Suite 10.1
Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Big Data Discovery 1.6.0
Oracle Communications Converged Application Server
Oracle Communications Diameter Signaling Router
Oracle Communications Network Integrity
Oracle Communications Performance Intelligence Center
Oracle Communications Services Gatekeeper
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Enterprise Manager For Mysql Database 13.2
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.3
CVSSv3: 7.5
CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST en...
Pivotal Software Spring Data Commons
Pivotal Software Spring Data Rest
CVSSv3: 7.5
CVE-2016-8220
Pivotal Gemfire for PCF, versions 1.6.x before 1.6.5.0 and 1.7.x before 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route.
Pivotal Software Gemfire
CVSSv3: 9.8
CVE-2018-1273
Spring Data Commons, versions before 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted r...
Pivotal Software Spring Data Commons
Pivotal Software Spring Data Rest
Apache Ignite 1.0.0
Apache Ignite
5 Github repositories
CVSSv3: 10
CVE-2016-0898
MySQL for PCF tiles 1.7.x prior to 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
Vmware Pivotal Software Mysql 1.7.0
Vmware Pivotal Software Mysql 1.7.0.1
Vmware Pivotal Software Mysql 1.7.0.2
Vmware Pivotal Software Mysql 1.7.0.3
Vmware Pivotal Software Mysql 1.7.0.4
Vmware Pivotal Software Mysql 1.7.1
Vmware Pivotal Software Mysql 1.7.2
Vmware Pivotal Software Mysql 1.7.3
Vmware Pivotal Software Mysql 1.7.4
Vmware Pivotal Software Mysql 1.7.5
Vmware Pivotal Software Mysql 1.7.6
Vmware Pivotal Software Mysql 1.7.7
Vmware Pivotal Software Mysql 1.7.8
Vmware Pivotal Software Mysql 1.7.9