Skip to main content

Cloud Foundry Uaa Bosh

15 CVEs product

Monthly

CVE-2017-8032 Maven MEDIUM PATCH This Month

In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cloud Foundry Uaa Cloud Foundry Uaa Bosh Cloud Foundry Cf
NVD
CVSS 3.0
6.6
EPSS
0.3%
CVE-2017-4994 HIGH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Bosh Cloud Foundry Cf Cloud Foundry Uaa
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-4992 Maven CRITICAL PATCH Act Now

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-4991 Maven HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2017-4974 Maven MEDIUM PATCH This Month

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-4973 Maven HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cloud Foundry Uaa Bosh Cloud Foundry Cf Cloud Foundry Uaa
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-4972 HIGH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-3084 Maven HIGH PATCH This Week

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Elastic Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-0781 MEDIUM This Month

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Elastic Cloud Foundry Uaa Bosh Cloud Foundry +3
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4468 HIGH PATCH This Week

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Elastic Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-4960 Maven HIGH PATCH This Week

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Uaa
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6659 HIGH This Week

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Uaa
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-6651 HIGH This Week

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-6637 Maven CRITICAL PATCH Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic CSRF Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
9.6
EPSS
0.1%
CVE-2016-6636 MEDIUM This Month

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Elastic Runtime +2
NVD
CVSS 3.0
5.3
EPSS
0.2%
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cloud Foundry Uaa Cloud Foundry Uaa Bosh +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Bosh Cloud Foundry Cf +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cf Release Cloud Foundry Uaa Bosh +1
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cf Release Cloud Foundry Uaa Bosh +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cf Release Cloud Foundry Uaa Bosh +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cloud Foundry Uaa Bosh Cloud Foundry Cf +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cf Release Cloud Foundry Uaa Bosh +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Elastic Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Elastic +5
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Elastic Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cloud Foundry Uaa Bosh Cloud Foundry +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Bosh Cloud Foundry +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic CSRF Cloud Foundry Uaa Bosh +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Cloud Foundry Uaa Bosh +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy