Cloudfoundry | Cloud Foundry Uaa Bosh

15 matches found

CVE | added 2017/06/13 6:00 a.m. | 68 views

CVE-2017-4991

CVE-2017-4991 affects Cloud Foundry products: cf-release versions before v260 and multiple UAA releases (2.x before v2.7.4.16; 3.6.x before v3.6.10; 3.9.x before v3.9.12; others before v3.17.0) plus UAA-bosh releases (uaa-release) before v13.14, v24.9, v30.2, and earlier versions before v36. The ...

CVSS 7.2 | AI score 6.9 | EPSS 0.00936

CVE | added 2017/06/13 6:00 a.m. | 55 views

CVE-2017-4973

Cloud Foundry UAA Privilege Escalation (CVE-2017-4973) affects cf-release prior to v257 and UAA releases before the specified upgrades (2.x before v2.7.4.14, 3.6.x before v3.6.8, 3.9.x before v3.9.10, and other versions before v3.15.0), as well as UAA bosh releases (13.x before v13.12, 24.x befor...

CVSS 8.8 | AI score 8.4 | EPSS 0.01068

CVE | added 2017/06/13 6:00 a.m. | 55 views

CVE-2017-4992

CVE-2017-4992 affects Cloud Foundry components including cf-release prior to v261 and UAA releases prior to specified versions (2.x before 2.7.4.17, 3.6.x before 3.6.11, 3.9.x before 3.9.13, and other versions before v4.2.0; UAA bosh releases prior to 13.x before 13.15, 24.x before 24.10, 30.x be...

CVSS 9.8 | AI score 9.5 | EPSS 0.01167

CVE | added 2017/04/11 3:00 p.m. | 52 views

CVE-2016-4468

CVE-2016-4468 describes a SQL injection vulnerability in Cloud Foundry components (PCF before v238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; Ops Manager 1.7.x before 1.7.8) ...

CVSS 8.8 | AI score 8.7 | EPSS 0.02139

CVE | added 2017/03/10 1:00 a.m. | 52 views

CVE-2017-4960

The CVE-2017-4960 issue affects Cloud Foundry components where the UAA OAuth clients can be subjected to a denial-of-service due to the lockout feature. Affected are Cloud Foundry release v247–v252, UAA standalone releases v3.9.0–v3.11.0, and UAA Bosh Releases v21–v26. If exploited, this could im...

CVSS 7.5 | AI score 7.3 | EPSS 0.01581

CVE | added 2017/06/13 6:00 a.m. | 52 views

CVE-2017-4974

CVE-2017-4974 is a blind SQL injection vulnerability affecting Cloud Foundry Foundation components: cf-release versions prior to v258 and UAA releases prior to v2.7.4.15 (2.x), v3.6.9 (3.6.x), v3.9.11 (3.9.x), and prior to v3.16.0 in general, plus uaa-release bosh releases prior to v13.13, v24.8,...

CVSS 6.5 | AI score 6.8 | EPSS 0.00974

CVE | added 2017/06/13 6:00 a.m. | 52 views

CVE-2017-4994

CVE-2017-4994 affects Cloud Foundry components including cf-release prior to v263 and UAA releases earlier than v2.7.4.18 (2.x), v3.6.12 (3.6.x), v3.9.14 (3.9.x), and v4.3.0+ for other lines, plus UAA Bosh releases prior to v13.16, v24.11, and v30.4. The issue is with forwarded HTTP headers in UA...

CVSS 7.5 | AI score 7.4 | EPSS 0.01105

CVE | added 2017/07/10 8:00 p.m. | 52 views

CVE-2017-8032

CVE-2017-8032 affects Cloud Foundry components (cf-release and UAA) where zone administrators can escalate privileges when mapping permissions for external providers. Affected versions include cf-release before v264; UAA v2.x.x; 3.6.x before 3.6.13; 3.9.x before 3.9.15; 3.20.x before 3.20.0; and ...

CVSS 6.6 | AI score 6.5 | EPSS 0.00879

CVE | added 2016/09/30 12:00 a.m. | 51 views

CVE-2016-6636

CVE-2016-6636 affects Pivotal Cloud Foundry components and related UAA releases. The vulnerability arises from improper validation of redirect_uri subdomains in the OAuth authorization flow, enabling a remote attacker to obtain implicit access tokens by using a modified subdomain. Affected softwa...

CVSS 5.3 | AI score 5.1 | EPSS 0.01385

CVE | added 2017/06/13 6:00 a.m. | 50 views

CVE-2017-4972

CVE-2017-4972 describes a blind SQL injection vulnerability in Cloud Foundry components: cf-release before v257; UAA 2.x before v2.7.4.14, 3.6.x before v3.6.8, 3.9.x before v3.9.10, and other versions before v3.15.0; and UAA Release (uaa-release) 13.x before v13.12, 24.x before v24.7, and other v...

CVSS 7.5 | AI score 7.8 | EPSS 0.01085

CVE | added 2016/12/23 5:00 a.m. | 48 views

CVE-2016-6659

CVE-2016-6659 affects Cloud Foundry components: Cloud Foundry release v247 and earlier, UAA 2.x up to 2.7.4.12, UAA 3.x up to 3.6.5, and 3.7.x–3.9.x up to 3.9.3, plus the UAA bosh release (uaa-release) up to v13.9 (for 3.6.5) or v24 (for 3.9.3). The root cause is an elevation of privilege through...

CVSS 8.1 | AI score 8.2 | EPSS 0.01144

CVE | added 2017/05/25 5:00 p.m. | 46 views

CVE-2016-3084

CVE-2016-3084 affects the Cloud Foundry UAA password reset flow, vulnerable to brute force when using the internal UAA user store. The issue occurs due to multiple active reset codes at a given time and does not apply to deployments using SAML/LDAP. Affected products/versions include Cloud Foundr...

CVSS 8.1 | AI score 8 | EPSS 0.0119

CVE | added 2016/09/30 12:00 a.m. | 44 views

CVE-2016-6637

CVE-2016-6637 involves multiple CSRF vulnerabilities in Pivotal Cloud Foundry (PCF) and related components. The Cloud Foundry release v241 and earlier, UAA releases v2.0.0–v2.7.4.6 and v3.0.0–v3.6.0, and UAA bosh releases up to v15 are affected. The flaw arises because the profile and authorize a...

CVSS 9.6 | AI score 9.5 | EPSS 0.00726

CVE | added 2017/05/25 5:00 p.m. | 43 views

CVE-2016-0781

The CVE-2016-0781 issue affects Cloud Foundry ecosystem components: UAA OAuth approval pages in Cloud Foundry v208–v231, Login-server v1.6–v1.14, UAA v2.0.0–v2.7.4.1, UAA v3.0.0–v3.2.0, UAA-Release v2–v7, and Pivotal Elastic Runtime 1.6.x before 1.6.20. The vulnerability is an XSS flaw introduced...

CVSS 6.1 | AI score 5.9 | EPSS 0.00656

CVE | added 2016/09/30 12:00 a.m. | 39 views

CVE-2016-6651

CVE-2016-6651 affects the UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF), including PCF prior to v243 and UAA releases up to specific versions (UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime and Ops Manager acro...

CVSS 8.8 | AI score 8.5 | EPSS 0.01748