2 matches found
CVE-2019-11270: UAA clients.write vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the ‘clients.write’ authority or scope can bypass the restrictions imposed on clients created via ‘clients.write’ and create clients wi...
CVE-2019-11268: UAA SQL Identity Zone Vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. UAA Release OSS is vulnerable prior to v73.3.0 Description UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated...