Skip to main content

Cloud Foundry Ops Manager

5 CVEs product

Monthly

CVE-2016-4468 HIGH PATCH This Week

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Elastic Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2016-6657 HIGH This Week

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Cloud Foundry Ops Manager Cloud Foundry Elastic Runtime
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-6651 HIGH This Week

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-6637 Maven CRITICAL PATCH Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic CSRF Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
9.6
EPSS
0.1%
CVE-2016-6636 MEDIUM This Month

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
5.3
EPSS
0.2%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Elastic Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 7.4
HIGH This Week

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Cloud Foundry Ops Manager +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic CSRF Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Cloud Foundry Uaa Bosh +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy