Pivotal Software

Cloud Foundry Uaa-release

8 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.36%
  • Published 11.07.2019 18:15:12
  • Last modified 21.11.2024 04:20:49

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints that contain improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain ...

  • EPSS 0.27%
  • Published 19.06.2019 23:15:10
  • Last modified 21.11.2024 04:42:32

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack v...

  • EPSS 0.41%
  • Published 13.12.2018 22:29:00
  • Last modified 21.11.2024 03:51:24

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to on...

  • EPSS 0.22%
  • Published 25.06.2018 15:29:00
  • Last modified 21.11.2024 03:42:33

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA ...

  • EPSS 0.41%
  • Published 15.05.2018 20:29:00
  • Last modified 21.11.2024 03:59:29

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens whi...

  • EPSS 0.47%
  • Published 01.02.2018 20:29:00
  • Last modified 21.11.2024 03:59:22

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 5...

  • EPSS 0.39%
  • Published 13.06.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation whe...

  • EPSS 0.28%
  • Published 24.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 ...