Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software cloudfoundry uaa vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv2
CVE-2015-5172
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire password reset links.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv2
CVE-2017-4992
An issue exists in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior...
Pivotal Software Cloud Foundry Uaa 3.6.10
Pivotal Software Cloud Foundry Uaa 2.7.4.15
Pivotal Software Cloud Foundry Uaa 3.6.6
Pivotal Software Cloud Foundry Uaa 3.6.4
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 2.7.4.13
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 3.6.9
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 2.7.4.3
Pivotal Software Cloud Foundry Uaa 2.7.4.5
Pivotal Software Cloud Foundry Uaa 2.7.4.7
Pivotal Software Cloud Foundry Uaa 2.7.4.12
Pivotal Software Cloud Foundry Uaa 2.7.4.16
Pivotal Software Cloud Foundry Uaa 3.6.2
Pivotal Software Cloud Foundry Uaa 3.6.5
Pivotal Software Cloud Foundry Uaa 3.6.7
Pivotal Software Cloud Foundry Uaa 3.6.8
6.8
CVSSv2
CVE-2015-5173
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage.&qu...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
6.8
CVSSv2
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
6.8
CVSSv2
CVE-2015-3191
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an malicious user to trigger an e-mail change for a...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
6.8
CVSSv2
CVE-2016-6637
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) prior to 242; UAA 2.x prior to 2.7.4.7, 3.x prior to 3.3.0.5, and 3.4.x prior to 3.4.4; UAA BOSH prior to 11.5 and 12.x prior to 12.5; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21,...
Pivotal Software Cloud Foundry Ops Manager 1.7.9
Pivotal Software Cloud Foundry Ops Manager 1.7.8
Pivotal Software Cloud Foundry Ops Manager 1.7.1
Pivotal Software Cloud Foundry Ops Manager 1.7.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.34
Pivotal Software Cloud Foundry Elastic Runtime 1.6.33
Pivotal Software Cloud Foundry Elastic Runtime 1.6.26
Pivotal Software Cloud Foundry Elastic Runtime 1.6.25
Pivotal Software Cloud Foundry Elastic Runtime 1.6.17
Pivotal Software Cloud Foundry Elastic Runtime 1.6.15
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.7.20
Pivotal Software Cloud Foundry Elastic Runtime 1.7.19
Pivotal Software Cloud Foundry Elastic Runtime 1.7.12
Pivotal Software Cloud Foundry Elastic Runtime 1.7.11
Pivotal Software Cloud Foundry Elastic Runtime 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime 1.7.3
Pivotal Software Cloud Foundry Elastic Runtime 1.7.2
Pivotal Software Cloud Foundry Uaa 2.5.1
Pivotal Software Cloud Foundry Uaa 2.6.1
Pivotal Software Cloud Foundry Uaa 3.0.1
6.5
CVSSv2
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
6.5
CVSSv2
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, g...
Pivotal Software Cloud Foundry Uaa 4.13.2
Pivotal Software Cloud Foundry Uaa 4.13.3
Pivotal Software Cloud Foundry Uaa 4.13.1
Pivotal Software Cloud Foundry Uaa 4.12.1
Pivotal Software Cloud Foundry Uaa 4.13.4
Pivotal Software Cloud Foundry Uaa 4.12.0
Pivotal Software Cloud Foundry Uaa 4.13.0
Pivotal Software Cloud Foundry Uaa 4.12.2
Pivotal Software Cloud Foundry Uaa-release 57.1
Pivotal Software Cloud Foundry Uaa-release 58
Pivotal Software Cloud Foundry Uaa-release 57
Cloudfoundry Cf-deployment
6.5
CVSSv2
CVE-2017-4991
An issue exists in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prio...
Pivotal Software Cloud Foundry Uaa 2.7.4.15
Pivotal Software Cloud Foundry Uaa 3.6.6
Pivotal Software Cloud Foundry Uaa 3.6.4
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 2.7.4.13
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 3.6.9
Pivotal Software Cloud Foundry Uaa 2.7.4.5
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 2.7.4
Pivotal Software Cloud Foundry Uaa 2.7.4.1
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 2.7.4.3
Pivotal Software Cloud Foundry Uaa 2.7.4.7
Pivotal Software Cloud Foundry Uaa 2.7.4.8
Pivotal Software Cloud Foundry Uaa 2.7.4.12
Pivotal Software Cloud Foundry Uaa 3.6.2
Pivotal Software Cloud Foundry Uaa 3.6.3
Pivotal Software Cloud Foundry Uaa 3.6.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »