Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/31 6:15 a.m.18 views

CVE-2025-22216

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...

5.4CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/31 5:47 a.m.21 views

CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...

5.4CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2025/01/31 5:47 a.m.62 views

CVE-2025-22216

CVE-2025-22216 affects CloudFoundry UAA (multi-identity-zone configuration). The issue is improper validation of session information across zones, allowing a user authenticated against a corporate IDP to reuse a jsessionid to access other zones. Affected releases include UAA up to 77.20.1, 77.24....

5.4CVSS5.3AI score0.00188EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2025/01/29 12:0 a.m.15 views

CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry

Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...

5.4CVSS5.9AI score0.00188EPSS
Exploits0
Rows per page
Query Builder