25 matches found
EUVD-2026-23322
Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...
EUVD-2018-13778
Malware in sbrugna...
EUVD-2025-3965
Malicious code in bioql PyPI...
Cloud Foundry UAA Security Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry cloud platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry UAA versions 77.21.0 through 7.31.0 that stems from private key exposure in logs...
CVE-2025-24868
The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirec...
CVE-2025-24868
CVE-2025-24868 relates to SAP HANA XS Advanced (UAA) where an unauthenticated attacker can craft a link that redirects victims’ browsers to a malicious site due to insufficient redirect URL validation. Documented impact is limited to confidentiality, integrity, and availability. Affected componen...
PT-2025-6128 · SAP · SAP HANA XS Advanced Model
Name of the Vulnerable Software and Affected Versions: SAP HANA extended application services, advanced model (SAP HANA XS advanced model), affected versions not specified. Description: The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model allows a...
CVE-2024-45494
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected...
Cloud Foundry UAA Log Message Disclosure Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry cloud platform from the Cloud Foundry Foundation in the United States. A log information disclosure vulnerability exists in Cloud Foundry UAA. An attacker can exploit this vulnerability to gain access to user...
Cloud Foundry UAA SCIM Injection Vulnerability
UAA is a multi-tenant identity management service used in Cloud Foundry and can also be used as a standalone OAuth2 server. A SCIM injection vulnerability exists in an endpoint in Cloud Foundry UAA versions prior to 74.3.0. An attacker could exploit this vulnerability to obtain information about ...
Cloud Foundry UAA Elevation of Privilege Vulnerability
UAA is a multi-tenant identity management service used in Cloud Foundry and can also be used as a standalone OAuth2 server. An elevation of privilege vulnerability exists in Cloud Foundry UAA versions prior to 74.1.0. The vulnerability stems from the fact that UAA can request a scope for a client...
Cloud Foundry UAA Cross-Site Scripting Vulnerability
UAA is a multi-tenant identity management service used in Cloud Foundry and can also be used as a standalone OAuth2 server. A cross-site scripting vulnerability exists in Cloud Foundry UAA versions prior to 74.0.0. An attacker can exploit this vulnerability to execute malicious JavaScript via a...
Cloud Foundry UAA Security Bypass Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry cloud platform from the Cloud Foundry Foundation in the United States. A security bypass vulnerability exists in Cloud Foundry UAA, which can be exploited by attackers to bypass restrictions...
Cloud Foundry UAA Input Validation Error Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry cloud platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry UAA versions prior to 73.4.0 that stems from the program not setting the X-FRAME-OPTIONS...
CVE-2018-15795
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...
Pivotal Cloud Foundry Runtime cf-release, UAA and UAA bosh cross-site scripting vulnerabilities
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. of the United States. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other...
Multiple Pivotal Software Products Accept Expired Certificates Vulnerability
Pivotal Cloud Foundry (PCF), UAA, and UAA-Release are products of Pivotal Software, Inc. of the U.S. PCF is a suite of open-source Platform-as-a-Service (PaaS) cloud computing platforms that provide features such as container scheduling, continuous delivery, and automated service deployment; UAA is a...
Pivotal Cloud Foundry and UAA Password Reset Vulnerability
Pivotal Cloud Foundry (PCF) is a product of Pivotal Software, Inc. in the United States. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release...
Pivotal Cloud Foundry and UAA Elevation of Privilege Vulnerabilities
Pivotal Cloud Foundry (PCF) is a product of Pivotal Software, Inc. in the United States. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release...
Pivotal Cloud Foundry and UAA Denial of Service Vulnerabilities
Pivotal Cloud Foundry (PCF) is a product of Pivotal Software, Inc. in the United States. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release...