Lucene search
DellCVELIST:CVE-2019-3794HistoryJul 18, 2019 - 3:47 p.m.
CVE-2019-3794 UAA - Login app subject to clickjacking attack
2019-07-1815:47:00
CWE-284
dell
www.cve.org
5
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
49.6%
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA’s frontend sites.
CNA Affected
[
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v73.4.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Code injection
2019-07-18 16:15:00
cve
cve
CVE-2019-3794
2019-07-18 16:15:12
cloudfoundry
cloudfoundry
osv
osv
CVE-2019-3794
2019-07-18 16:15:12
veracode
veracode
Clickjacking
2019-07-19 22:43:07
nvd
nvd
CVE-2019-3794
2019-07-18 16:15:12
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
49.6%
Related for CVELIST:CVE-2019-3794