Pivotal Software Cloud Foundry Uaa Release


By the Year

In 2024 there have been 0 vulnerabilities in Pivotal Software Cloud Foundry Uaa Release. Cloud Foundry Uaa Release did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 2 6.55
2018 4 7.73

It may take a day or so for new Cloud Foundry Uaa Release vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Pivotal Software Cloud Foundry Uaa Release Security Vulnerabilities

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping

CVE-2019-11268 4.3 - Medium - July 11, 2019

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

Information Disclosure

Cloud Foundry UAA

CVE-2019-3787 8.8 - High - June 19, 2019

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending unknown.org to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.

Weak Password Recovery Mechanism for Forgotten Password

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error

CVE-2018-15754 8.8 - High - December 13, 2018

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

AuthZ

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5, and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, do not validate redirect URL values on a form parameter used for internal UAA redirects on the login page

CVE-2018-11041 6.1 - Medium - June 25, 2018

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5, and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, do not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.

Open Redirect

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation

CVE-2018-1262 7.2 - High - May 15, 2018

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

In Cloud Foundry Foundation cf-release versions prior to v285, cf-deployment versions prior to v1.7, and affected UAA and UAA-release versions, the SessionID is logged in audit event logs

CVE-2018-1192 8.8 - High - February 01, 2018

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

Information Disclosure
