Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloud foundry vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2016-6659
Cloud Foundry prior to 248; UAA 2.x prior to 2.7.4.12, 3.x prior to 3.6.5, and 3.7.x up to and including 3.9.x prior to 3.9.3; and UAA bosh release (aka uaa-release) prior to 13.9 for UAA 3.6.5 and prior to 24 for UAA 3.9.3 allow malicious users to gain privileges by accessing UA...
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry
Pivotal Software Cloud Foundry Uaa
6.5
CVSSv2
CVE-2018-1192
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions before 4.5.5, 4.8.x versions before 4.8.3, and 4.7.x versions before 4.7.4; and UAA-release 45.7.x versions before 45.7, 52.7.x versions before 52.7, and 53.3.x...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa-release 53.3
Pivotal Software Cloud Foundry Uaa-release 52.7
Pivotal Software Cloud Foundry Uaa-release 45.7
Pivotal Software Cloud Foundry Cf-release
Pivotal Software Cloud Foundry Cf-deployment
4.3
CVSSv2
CVE-2016-3084
The UAA reset password flow in Cloud Foundry release v236 and previous versions versions, UAA release v3.3.0 and previous versions versions, all versions of Login-server, UAA release v10 and previous versions versions and Pivotal Elastic Runtime versions before 1.7.2 is vulnerabl...
Pivotal Software Login-server -
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry
6.8
CVSSv2
CVE-2017-4963
An issue exists in Cloud Foundry Foundation Cloud Foundry release v252 and previous versions versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to auth...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa-release
Pivotal Software Cloud Foundry Cf-release
1 Github repository
NA
CVE-2023-34061
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Routing Release
7.5
CVSSv2
CVE-2016-9885
An issue exists in Pivotal GemFire for PCF 1.6.x versions before 1.6.5 and 1.7.x versions before 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communicati...
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.7.0.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.4.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.3.0
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.2
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.1
Pivotal Software Gemfire For Pivotal Cloud Foundry 1.6.0.0
4
CVSSv2
CVE-2017-8040
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3, an XXE (XML External Entity) attack exists in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data o...
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.3
4.3
CVSSv2
CVE-2017-8041
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.3
5.8
CVSSv2
CVE-2018-11041
Cloud Foundry UAA, versions later than 4.6.0 and before 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, all...
Pivotal Software Cloud Foundry Uaa-release
Pivotal Software Cloud Foundry Uaa
4.3
CVSSv2
CVE-2017-8044
In Pivotal Single Sign-On for PCF (1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.0
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.2
Vmware Single Sign-on For Pivotal Cloud Foundry 1.3.3
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.1
Vmware Single Sign-on For Pivotal Cloud Foundry 1.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »