4 matches found
CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can reuse their jsessionid to access other zones...
CVE-2019-11268
Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and grou...
CVE-2019-11268 UAA SQL Identity Zone Vulnerability
Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and grou...
CVE-2019-11268: UAA SQL Identity Zone Vulnerability | Cloud Foundry
Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions (severity is medium unless otherwise noted): UAA Release OSS is vulnerable prior to v73.3.0. Description: UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated...