Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-2958

Malware in sbrugna...

6.5CVSS5.7AI score0.01006EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-0761

Malware in sbrugna...

8.8CVSS8.6AI score0.01154EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-2672

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3237

Malicious code in bioql PyPI...

7.2CVSS7AI score0.01339EPSS
Exploits0References6
NVD
NVD
added 2025/01/31 6:15 a.m.15 views

CVE-2025-22216

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...

5.4CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 5:47 a.m.8 views

CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...

5.4CVSS5.3AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2025/01/31 5:47 a.m.61 views

CVE-2025-22216

CVE-2025-22216 affects CloudFoundry UAA (multi-identity-zone configuration). The issue is improper validation of session information across zones, allowing a user authenticated against a corporate IDP to reuse a jsessionid to access other zones. Affected releases include UAA up to 77.20.1, 77.24....

5.4CVSS5.3AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.8 views

PT-2025-4393 · Uaa · Uaa

Name of the Vulnerable Software and Affected Versions: UAA affected versions not specified Description: The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate ID...

5.4CVSS6.7AI score0.00188EPSS
Exploits0References4
Cloud Foundry
Cloud Foundry
added 2025/01/29 12:0 a.m.13 views

CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry

Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...

5.4CVSS5.9AI score0.00188EPSS
Exploits0
OSV
OSV
added 2022/05/13 1:7 a.m.13 views

GHSA-8V97-GV3G-32RF UAA privilege escalation across identity zones

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...

7.2CVSS7AI score0.01339EPSS
Exploits0References5
Prion
Prion
added 2019/07/11 6:15 p.m.12 views

Input validation

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and grou...

4CVSS4.4AI score0.01006EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/05/15 8:29 p.m.15 views

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...

7.2CVSS7.1AI score0.01339EPSS
Exploits0References1
Prion
Prion
added 2018/05/15 8:29 p.m.19 views

Privilege escalation

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...

6.5CVSS7.1AI score0.01339EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2018/05/15 8:29 p.m.14 views

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...

7.2CVSS7.4AI score0.01339EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/15 8:0 p.m.16 views

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...

7.1AI score0.01339EPSS
Exploits0References1
CVE
CVE
added 2018/05/15 8:0 p.m.65 views

CVE-2018-1262

The CVE-2018-1262 issue affects Cloud Foundry Foundation UAA (versions 4.12.x and 4.13.x). The root cause is a feature that allowed privilege escalation across identity zones when offline token validation is performed, enabling a zone administrator to configure tokens impersonating another zone a...

7.2CVSS7AI score0.01339EPSS
Exploits0References1Affected Software1
Cloud Foundry
Cloud Foundry
added 2018/05/14 12:0 a.m.46 views

CVE-2018-1262: UAA privilege escalation across identity zones | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa-release versions v57, v57.1 or v58 You are using uaa versions 4.12.x or 4.13.x You are using cf-deployment versions v1.27.0 through v1.31.0 Description UAA, versions 4.12.X and 4.13.X,...

7.2CVSS7.1AI score0.01339EPSS
Exploits0
CNVD
CNVD
added 2018/01/23 12:0 a.m.2 views

Pivotal Cloud Foundry and UAA elevation of privilege vulnerability (CNVD-2018-04368)

Pivotal Cloud Foundry PCF is a product of Pivotal Software, Inc. of the U.S. PCF is an open-source Platform-as-a-Service PaaS cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other capabilities.UAA is an authentication and...

8.8CVSS7.7AI score0.01154EPSS
Exploits0References1
Prion
Prion
added 2017/09/07 1:29 p.m.20 views

Information disclosure

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges...

6.5CVSS7.1AI score0.01154EPSS
Exploits0References1Affected Software4
NVD
NVD
added 2017/09/07 1:29 p.m.23 views

CVE-2016-0732

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges...

8.8CVSS8.5AI score0.01154EPSS
Exploits0References1
Rows per page
Query Builder