
2292 matches found

OSV
added 2026/05/05 12:0 a.m. | 6 views

OPENSUSE-SU-2026:10688-1 cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 7.1 AI score | 0.00459 EPSS
Exploits 2 | References 1
NVD
added 2026/05/01 12:16 a.m. | 7 views

CVE-2026-22726

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5 CVSS | 0.00199 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/30 11:17 p.m. | 43 views

CVE-2026-22726 Route Services Firewall Bypass

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5 CVSS | 0.00199 EPSS
Exploits 0 | References 1
EUVD
added 2026/04/30 11:17 p.m. | 6 views

EUVD-2026-26458

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5 CVSS | 5.3 AI score | 0.00199 EPSS
Exploits 0 | References 1
Cloud Foundry
added 2026/04/20 12:0 a.m. | 6 views

CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry

Severity: MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H. Vendor: CloudFoundry Foundation. Versions Affected: Routing release: v0.118.0 to v0.371.0; CF Deployment: v0.0.2 to v54.14.0. Description: Route Services can be leveraged to send app traffic t...

5 CVSS | 5.4 AI score | 0.00199 EPSS
Exploits 0
NVD
added 2026/04/17 1:17 a.m. | 8 views

CVE-2026-22734

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6 CVSS | 0.00364 EPSS
Exploits 0 | References 1
CNNVD
added 2026/04/17 12:0 a.m. | 10 views

Cloud Foundry cf-deployment and Cloud Foundry UAA Security Vulnerability

Cloud Foundry cf-deployment and Cloud Foundry UAA are both products of the American Cloud Foundry Foundation. Cloud Foundry cf-deployment is a Cloud Foundry deployment tool. Cloud Foundry UAA is an identity authentication and authorization management service. There are security vulnerabilities in...

8.6 CVSS | 5.9 AI score | 0.00364 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/16 11:33 p.m. | 33 views

CVE-2026-22734 Cloud Foundry UAA SAML 2.0 Signature Bypass

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6 CVSS | 0.00364 EPSS
Exploits 0 | References 1
EUVD
added 2026/04/16 11:33 p.m. | 8 views

EUVD-2026-23322

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/04/16 11:33 p.m. | 9 views

CVE-2026-22734

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/04/16 11:33 p.m. | 44 views

CVE-2026-22734

The CVE-2026-22734 issue concerns a SAML 2.0 signature/encryption bypass in Cloud Foundry UAA. Affected software includes Cloud Foundry UAA from v77.30.0 to v78.7.0 and CF Deployment from v48.7.0 to v54.14.0, where UAA accepts unsigned/unencrypted SAML 2.0 bearer assertions, enabling an attac...

8.6 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/16 12:0 a.m. | 8 views

PT-2026-33375

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

8.6 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits 0 | References 2
Cloud Foundry
added 2026/04/06 12:0 a.m. | 10 views

CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry

Severity: 8.8 / High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N; 8.6 / HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. Vendor: CloudFoundry Foundation. Description: Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...

8.6 CVSS | 5.3 AI score | 0.00364 EPSS
Exploits 0
IBM Security Bulletins
added 2026/03/31 4:56 p.m. | 11 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary: Multiple Spring vulnerabilities have been addressed in IBM Library Support for Spring. Vulnerability Details: CVEID: CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1 CVSS | 5.8 AI score | 0.0122 EPSS
Exploits 2 | Affected Software 1
RedhatCVE
added 2026/03/26 2:58 p.m. | 4 views

CVE-2026-22733

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2 CVSS | 5.8 AI score | 0.0036 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 2:57 p.m. | 5 views

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allow any user who has bypassed the firewall to potentially replace droplets and therefore applications, allowing them to access secure application information...

7.5 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 1
EUVD
added 2026/03/18 12:30 a.m. | 4 views

EUVD-2026-12667

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allow any user who has bypassed the firewall to potentially replace droplets and therefore applications, allowing them to access secure application information...

7.5 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 2
NVD
added 2026/03/17 11:16 p.m. | 5 views

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allow any user who has bypassed the firewall to potentially replace droplets and therefore applications, allowing them to access secure application information...

7.5 CVSS | 0.00199 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/17 10:45 p.m. | 2 views

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allow any user who has bypassed the firewall to potentially replace droplets and therefore applications, allowing them to access secure application information...

7.5 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/03/17 10:45 p.m. | 20 views

CVE-2026-22727 Cloud Foundry unprotected internal endpoints

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allow any user who has bypassed the firewall to potentially replace droplets and therefore applications, allowing them to access secure application information...

7.5 CVSS | 0.00199 EPSS
Exploits 0 | References 1