15 matches found

Vulnrichment
added 2026/06/11 8:3 p.m. | 8 views

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

CVSS 9 | AI score 5.3 | EPSS 0.00131
Exploits: 0 | References: 1
Cloud Foundry
added 2026/06/11 12:0 a.m. | 12 views

CVE-2026-41005 - UAA accepts SAML Encrypted Assertions authentication bypass | Cloud Foundry

Severity: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 9.0 / Critical; CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H 9.5 / Critical. Vendor: CloudFoundry Foundation. Description: Cloud Foundry UAA versions v2.0.0 through v78.13.0 incorrectly treated XML encryption to the Service...

CVSS 9 | AI score 5.4 | EPSS 0.00131
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2016-7555

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01748
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2015-3259

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00486
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-14079

Malware in sbrugna...

CVSS 8.1 | AI score 8.1 | EPSS 0.009
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-13419

Malware in sbrugna...

CVSS 8.7 | AI score 7.5 | EPSS 0.00832
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-4759

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.01068
Exploits: 0 | References: 12
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-5791

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.0085
Exploits: 0 | References: 12
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-3609

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.01167
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-4277

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.01086
Exploits: 0 | References: 11
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-3791

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5 | EPSS 0.00816
Exploits: 0 | References: 7
Cvelist
added 2025/01/31 5:47 a.m. | 15 views

CVE-2025-22216 UAA Missing Zone Validation

A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can re-use their jsessionid to access other zones...

CVSS 5.4 | EPSS 0.00188
Exploits: 0 | References: 1
Cloud Foundry
added 2025/01/29 12:0 a.m. | 13 views

CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry

Severity: MED. Overall CVSS Score: 5.0. CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C. Vendor: CloudFoundry Foundation. Versions Affected: Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0; Unaffected from UAA Release 77.20.2; Unaffected from UAA Release...

CVSS 5.4 | AI score 5.9 | EPSS 0.00188
Exploits: 0
NVD
added 2017/06/13 6:29 a.m. | 18 views

CVE-2017-4963

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external...

CVSS 8.1 | AI score 8.1 | EPSS 0.009
Exploits: 0 | References: 1
Cloud Foundry
added 2017/05/16 12:0 a.m. | 35 views

CVE-2017-4991: UAA password reset vulnerability | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v260; UAA release: 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, other versions prior to v3.17.0; UAA bosh release (uaa-release): 13.x versions prior to v13.1...

CVSS 7.2 | AI score 7 | EPSS 0.00936
Exploits: 0