Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv2
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv2
CVE-2015-5172
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire password reset links.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
5
CVSSv2
CVE-2016-6653
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote malicious users to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
Pivotal Software Cloud Foundry Cf Mysql 28.0
Pivotal Software Cloud Foundry Cf Mysql 27.0
6.8
CVSSv2
CVE-2015-3191
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an malicious user to trigger an e-mail change for a...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
4.3
CVSSv2
CVE-2015-3189
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerabilit...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv2
CVE-2018-1273
Spring Data Commons, versions before 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted r...
Pivotal Software Spring Data Commons
Pivotal Software Spring Data Rest
Apache Ignite 1.0.0
Apache Ignite
5 Github repositories
5
CVSSv2
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the malicious user to read privileged data.
Pivotal Software Concourse
NA
CVE-2022-31683
Concourse (7.x.y before 7.8.3 and 6.x.y before 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
Pivotal Software Concourse
5
CVSSv2
CVE-2018-1227
Pivotal Concourse after 2018-03-05 might allow remote malicious users to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source pr...
Pivotal Software Concourse
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »