Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloud foundry uaa vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
4.3
CVSSv3
CVE-2019-11268
Cloud Foundry UAA version before 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, cl...
Pivotal Software Cloud Foundry Uaa-release
8.8
CVSSv3
CVE-2019-3787
Cloud Foundry UAA, versions before 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors includin...
Pivotal Software Cloud Foundry Uaa-release
8.8
CVSSv3
CVE-2018-15754
Cloud Foundry UAA, versions 60 before 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able ...
Pivotal Software Cloud Foundry Uaa-release
3.7
CVSSv3
CVE-2015-3189
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerabilit...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2015-5173
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage.&qu...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
6.1
CVSSv3
CVE-2015-3190
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an malicious user to insert malicious web page as a redi...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2015-5172
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire password reset links.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »