Vulmon
pivotal software vulnerabilities and exploits
445
VMScore
CVE-2019-3803
Pivotal Concourse, all versions before 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.
Pivotal Software Concourse
578
VMScore
CVE-2018-15762
Pivotal Operations Manager, versions 2.0.x before 2.0.24, versions 2.1.x before 2.1.15, versions 2.2.x before 2.2.7, and versions 2.3.x before 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a ne...
Pivotal Software Operations Manager
578
VMScore
CVE-2018-1231
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
Pivotal Software Bosh Cli
356
VMScore
CVE-2018-1276
Windows 2012R2 stemcells, versions before 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.
Pivotal Software Windows Stemcells
490
VMScore
CVE-2018-15796
Cloud Foundry Bits Service Release, versions before 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage.
Pivotal Software Bits Service
534
VMScore
CVE-2018-1197
In Windows Stemcells versions before 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
Pivotal Software Windows Stemcells
578
VMScore
CVE-2020-5407
Spring Security versions 5.2.x before 5.2.4 and 5.3.x before 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response a...
Pivotal Software Spring Security
312
VMScore
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework prior to 3.2.2 does not properly escape certain characters, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a (1) line separator or...
Pivotal Software Spring Framework
312
VMScore
CVE-2019-3776
Pivotal Operations Manager, 2.1.x versions before 2.1.20, 2.2.x versions before 2.2.16, 2.3.x versions before 2.3.10, 2.4.x versions before 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interac...
Pivotal Software Operations Manager
445
VMScore
CVE-2019-3777
Pivotal Application Service (PAS), versions 2.2.x before 2.2.12, 2.3.x before 2.3.7 and 2.4.x before 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS ...
Pivotal Software Application Service