Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9494
RabbitMQ prior to 3.4.0 allows remote malicious users to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
Pivotal Software Rabbitmq
8.1
CVSSv3
CVE-2018-15796
Cloud Foundry Bits Service Release, versions before 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
Pivotal Software Bits Service
5.4
CVSSv3
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework prior to 3.2.2 does not properly escape certain characters, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a (1) line separator or...
Pivotal Software Spring Framework
8.8
CVSSv3
CVE-2018-1231
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
Pivotal Software Bosh Cli
8.5
CVSSv3
CVE-2018-1197
In Windows Stemcells versions before 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
Pivotal Software Windows Stemcells
8.8
CVSSv3
CVE-2018-15762
Pivotal Operations Manager, versions 2.0.x before 2.0.24, versions 2.1.x before 2.1.15, versions 2.2.x before 2.2.7, and versions 2.3.x before 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a ne...
Pivotal Software Operations Manager
6.5
CVSSv3
CVE-2019-11292
Pivotal Ops Manager, versions 2.4.x before 2.4.27, 2.5.x before 2.5.24, 2.6.x before 2.6.16, and 2.7.x before 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as w...
Pivotal Software Operations Manager
5.4
CVSSv3
CVE-2019-3776
Pivotal Operations Manager, 2.1.x versions before 2.1.20, 2.2.x versions before 2.2.16, 2.3.x versions before 2.3.10, 2.4.x versions before 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interac...
Pivotal Software Operations Manager
9.8
CVSSv3
CVE-2019-3777
Pivotal Application Service (PAS), versions 2.2.x before 2.2.12, 2.3.x before 2.3.7 and 2.4.x before 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS ...
Pivotal Software Application Service
9.8
CVSSv3
CVE-2019-3793
Pivotal Apps Manager Release, versions 665.0.x before 665.0.28, versions 666.0.x before 666.0.21, versions 667.0.x before 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization c...
Pivotal Software Application Service
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »