EUVD-2019-2970
Malware in sbrugna...
Information Disclosure
cloudfoundry-identity-server is vulnerable to information disclosure. A remotely authenticated attacker with scim.invite scope is able to obtain information about users of the UAA via blind SCIM injection through the email parameter...
CVE-2019-11282
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
CVE-2019-11282
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
SQL injection
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
CVE-2019-11282 UAA is vulnerable to a Blind SCIM injection leading to information disclosure
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
CVE-2019-11282
CVE-2019-11282 affects Cloud Foundry UAA prior to v74.3.0. A remote authenticated attacker with the scim.invite scope can craft requests to an endpoint vulnerable to SCIM injection, potentially leaking information about UAA users. The issue is documented across multiple sources (NVD entry, CNVD/C...
CVE-2019-11282: UAA is vulnerable to a Blind SCIM injection leading to information disclosure | Cloud Foundry
Severity: Medium. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak...
CVE-2019-11278 Privilege Escalation via Blind SCIM Injection in UAA
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...
CVE-2019-11278: Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA Release, all versions prior to v74.1.0. Description: CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ ca...