Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-8036
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller V...
Cloudfoundry Capi-release 1.33.0
5
CVSSv2
CVE-2017-4960
An issue exists in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 3.11.0
Pivotal Software Cloud Foundry 247.0
Pivotal Software Cloud Foundry Uaa 3.9.6
Pivotal Software Cloud Foundry Uaa 3.9.0
Pivotal Software Cloud Foundry 248.0
Pivotal Software Cloud Foundry Uaa 3.9.3
Pivotal Software Cloud Foundry 252.0
Pivotal Software Cloud Foundry 250.0
Pivotal Software Cloud Foundry Uaa 3.9.2
Pivotal Software Cloud Foundry Uaa 3.9.7
Pivotal Software Cloud Foundry Uaa 3.10.0
Pivotal Software Cloud Foundry Uaa 3.9.1
Pivotal Software Cloud Foundry 249.0
Pivotal Software Cloud Foundry Uaa 3.9.4
Pivotal Software Cloud Foundry 251.0
Cloudfoundry Cloud Foundry Uaa Bosh 24
Cloudfoundry Cloud Foundry Uaa Bosh 25
Cloudfoundry Cloud Foundry Uaa Bosh 26
Cloudfoundry Cloud Foundry Uaa Bosh 24.5
Cloudfoundry Cloud Foundry Uaa Bosh 24.6
4
CVSSv2
CVE-2017-4974
An issue exists in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior...
Pivotal Software Cloud Foundry Uaa 3.6.6
Pivotal Software Cloud Foundry Uaa 3.6.4
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 2.7.4.13
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 2.7.4.5
Pivotal Software Cloud Foundry Uaa 3.9.10
Pivotal Software Cloud Foundry Uaa 2.7.4.3
Pivotal Software Cloud Foundry Uaa 3.9.13
Pivotal Software Cloud Foundry Uaa 3.6.5
Pivotal Software Cloud Foundry Uaa 3.9.6
Pivotal Software Cloud Foundry Uaa 3.6.7
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 3.9.9
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 3.6.8
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 3.9.3
Pivotal Software Cloud Foundry Uaa 3.6.2
4
CVSSv2
CVE-2019-3786
Cloud Foundry BOSH Backup and Restore CLI, all versions before 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs u...
Cloudfoundry Bosh Backup And Restore
NA
CVE-2023-20903
This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the ...
Cloudfoundry User Account And Authentication
4.6
CVSSv2
CVE-2017-4964
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."
Cloudfoundry Bosh Azure Cpi 22
4.3
CVSSv2
CVE-2019-11274
Cloud Foundry UAA, versions before 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
Cloudfoundry User Account And Authentication
1 Github repository
6.5
CVSSv2
CVE-2019-11278
CF UAA versions before 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the...
Cloudfoundry User Account And Authentication
6.5
CVSSv2
CVE-2017-4973
An issue exists in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior...
Pivotal Software Cloud Foundry Uaa 3.6.6
Pivotal Software Cloud Foundry Uaa 3.6.4
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 2.7.4.13
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 2.7.4.5
Pivotal Software Cloud Foundry Uaa 2.7.4.3
Pivotal Software Cloud Foundry Uaa 3.9.13
Pivotal Software Cloud Foundry Uaa 3.6.5
Pivotal Software Cloud Foundry Uaa 3.9.6
Pivotal Software Cloud Foundry Uaa 3.6.7
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 3.9.9
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 3.9.3
Pivotal Software Cloud Foundry Uaa 3.6.2
Pivotal Software Cloud Foundry Uaa 2.7.4.7
Pivotal Software Cloud Foundry Uaa 3.9.2
Pivotal Software Cloud Foundry Uaa 2.7.4.12
5.8
CVSSv2
CVE-2017-8047
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishi...
Pivotal Routing-release
Cloudfoundry Cf-release
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »