Lucene search
K

4 matches found

NVD
NVD
added 2026/04/17 1:17 a.m.8 views

CVE-2026-22734

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6CVSS0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/16 11:33 p.m.34 views

CVE-2026-22734 Cloud Foundry UAA SAML 2.0 Signature Bypass

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6CVSS0.00364EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 11:33 p.m.44 views

CVE-2026-22734

The CVE-2026-22734 issue concerns a SAML 2.0 signature/encryption bypass in Cloud Foundry UUA/UAA. Affected software includes Cloud Foundry UUA from v77.30.0 to v78.7.0 and CF Deployment from v48.7.0 to v54.14.0, where UAA accepts unsigned/unencrypted SAML 2.0 bearer assertions, enabling an attac...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33375

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References2
Rows per page
Query Builder