CVE-2019-11276
- EPSS 0.05%
- Published 19.08.2019 15:15:11
- Last modified 21.11.2024 04:20:50
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent...
CVE-2019-11270
- EPSS 0.23%
- Published 05.08.2019 17:15:10
- Last modified 21.11.2024 04:20:49
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrar...
CVE-2019-3793
- EPSS 0.3%
- Published 24.04.2019 16:29:02
- Last modified 21.11.2024 04:42:33
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic an...
CVE-2019-3777
- EPSS 0.72%
- Published 07.03.2019 18:29:00
- Last modified 21.11.2024 04:42:31
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain an Apps Manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hij...