123 matches found
CVE-2016-6651
The UAA /oauth/token endpoint in Pivotal Cloud Foundry PCF before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and...
CVE-2016-6637
Multiple cross-site request forgery CSRF vulnerabilities in Pivotal Cloud Foundry PCF before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops...
Pivotal Cloud Foundry Ops Manager Insecure Default Password Vulnerability
Pivotal Cloud Foundry PCF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment, etc. PCF Ops Manager is one of the management tools used for deployment, online...
CVE-2016-0930
Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...
CVE-2016-0930
Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...
CVE-2016-0927
Cross-site scripting XSS vulnerability in Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-0897
Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
Design/Logic Flaw
Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...
Authentication flaw
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
Default credentials
Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...
Cross site scripting
Cross-site scripting XSS vulnerability in Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...
CVE-2016-0927
The CVE-2016-0927 issue affects Pivotal Cloud Foundry (PCF) Ops Manager, specifically versions before 1.6.17. Descriptions across multiple sources identify a cross-site scripting (XSS) or HTML injection vulnerability that allows remote attackers to inject arbitrary scripts or HTML via unspecified...
CVE-2016-0927
Cross-site scripting XSS vulnerability in Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-0897
Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...
CVE-2016-0930
Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...
CVE-2016-0883
CVE-2016-0883 affects Pivotal Cloud Foundry Ops Manager prior to 1.5.14 and 1.6.x prior to 1.6.9. The issue is that the same cookie-encryption key was used across different customers’ installations, enabling remote attackers to bypass session authentication by leveraging knowledge of the key from...
CVE-2016-0930
Pivotal Cloud Foundry Ops Manager is affected: versions before 1.6.19 and 1.7.x before 1.7.10 expose a default password on compilation VMs when using vCloud or vSphere. This allows remote attackers to obtain SSH access during the installation window when those VMs exist. The vulnerability’s impac...