CVE-2015-3190
- EPSS 0.2%
- Published 25.05.2017 17:29:00
- Last modified 20.04.2025 01:37:25
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert mali...
CVE-2015-3189
- EPSS 0.18%
- Published 25.05.2017 17:29:00
- Last modified 20.04.2025 01:37:25
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address t...
CVE-2015-1834
- EPSS 0.3%
- Published 25.05.2017 17:29:00
- Last modified 20.04.2025 01:37:25
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a give...
CVE-2017-4969
- EPSS 0.38%
- Published 20.04.2017 22:59:00
- Last modified 20.04.2025 01:37:25
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.
CVE-2016-9882
- EPSS 0.37%
- Published 13.01.2017 09:59:00
- Last modified 20.04.2025 01:37:25
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs a...