Skip to main content

Credhub

2 CVEs product

Monthly

CVE-2020-5399 HIGH This Week

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Credhub Cloud Foundry Cf Deployment
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-3801 CRITICAL Act Now

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Cf Deployment Credhub Uaa Release
NVD
CVSS 3.1
9.8
EPSS
0.6%
EPSS 1% CVSS 7.4
HIGH This Week

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Credhub Cloud Foundry Cf Deployment
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Cf Deployment +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy