Skip to main content

Cloud Foundry Uaa Release

8 CVEs product

Monthly

CVE-2019-11268 MEDIUM This Month

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-3787 HIGH This Week

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-15754 HIGH This Week

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-11041 Maven MEDIUM PATCH This Month

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cloud Foundry Uaa Cloud Foundry Uaa Release
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1262 Maven HIGH PATCH This Week

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cloud Foundry Uaa Cloud Foundry Uaa Release Cf Deployment
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-1192 Maven HIGH PATCH This Week

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Cloud Foundry Uaa Release Cloud Foundry Cf Release Cloud Foundry Cf Deployment
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-4963 HIGH This Week

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Cloud Foundry Cf Release Cloud Foundry Uaa Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-5016 Maven MEDIUM PATCH This Month

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Elastic Information Disclosure Cloud Foundry Cloud Foundry Elastic Runtime Cloud Foundry Uaa +1
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
EPSS 1% CVSS 4.3
MEDIUM This Month

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Release
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cloud Foundry Uaa Cloud Foundry Uaa Release
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cloud Foundry Uaa Cloud Foundry Uaa Release +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Cloud Foundry Uaa Release +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Cloud Foundry Cf Release +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Elastic Information Disclosure Cloud Foundry +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy