CVE-2019-3794 is a vulnerability in Pivotal Software Cloud Foundry Uaa
Published on July 18, 2019
UAA - Login app subject to clickjacking attack
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2019-3794 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2019-3794
Affected Versions
Cloud Foundry UAA Release (OSS): all versions below v73.4.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.