Skip to main content

User Account And Authentication

9 CVEs product

Monthly

CVE-2023-20903 MEDIUM This Month

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure User Account And Authentication
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-22098 MEDIUM This Month

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cf Deployment User Account And Authentication
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-22001 HIGH This Week

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5402 HIGH This Week

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cf Deployment User Account And Authentication
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-11293 MEDIUM This Month

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-11290 HIGH This Week

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-11278 HIGH This Week

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection User Account And Authentication
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-11274 MEDIUM This Month

Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS User Account And Authentication
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2016-0732 HIGH This Week

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cf Release User Account And Authentication Uaa Release +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM This Month

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure User Account And Authentication
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cf Deployment User Account And Authentication
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cf Deployment User Account And Authentication
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Cf Deployment +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection User Account And Authentication
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS User Account And Authentication
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cf Release +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy