Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloud foundry uaa-release vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-11293
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided vi...
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
5
CVSSv2
CVE-2019-11290
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
4
CVSSv2
CVE-2019-11268
Cloud Foundry UAA version before 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, cl...
Pivotal Software Cloud Foundry Uaa-release
4.3
CVSSv2
CVE-2019-3787
Cloud Foundry UAA, versions before 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors includin...
Pivotal Software Cloud Foundry Uaa-release
5.8
CVSSv2
CVE-2019-3788
Cloud Foundry UAA Release, versions before 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA a...
Cloudfoundry Uaa Release
5
CVSSv2
CVE-2019-3801
Cloud Foundry cf-deployment, versions before 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the compo...
Cloudfoundry Credhub
Cloudfoundry Cf-deployment
Cloudfoundry Uaa Release
4
CVSSv2
CVE-2019-3775
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Cloudfoundry Uaa Release
4
CVSSv2
CVE-2018-15754
Cloud Foundry UAA, versions 60 before 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able ...
Pivotal Software Cloud Foundry Uaa-release
6.5
CVSSv2
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
5
CVSSv2
CVE-2018-11082
Cloud Foundry UAA, all versions before 4.20.0 and Cloud Foundry UAA Release, all versions before 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Pivotal Software Cloudfoundry Uaa Release
Pivotal Software Cloudfoundry Uaa
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »