CVE-2019-11282 in Pivotal Software and Cloudfoundry Products
Published on October 23, 2019
UAA is vulnerable to a Blind SCIM injection leading to information disclosure
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2019-11282 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2019-11282
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-11282 are published in these products:
Affected Versions
Cloud Foundry UAA Release:- Version All and below v74.3.0 is affected.
- Version All and below v12.2.0 is affected.
Exploit Probability
EPSS
0.30%
Percentile
53.23%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.