CVE-2017-4991
CVE-2017-4991 affects Cloud Foundry products: cf-release versions before v260 and multiple UAA releases (2.x before v2.7.4.16; 3.6.x before v3.6.10; 3.9.x before v3.9.12; others before v3.17.0) plus UAA-bosh releases (uaa-release) before v13.14, v24.9, v30.2, and earlier versions before v36. The ...
CVE-2017-4973
Cloud Foundry UAA Privilege Escalation (CVE-2017-4973) affects cf-release prior to v257 and UAA releases before the specified upgrades (2.x before v2.7.4.14, 3.6.x before v3.6.8, 3.9.x before v3.9.10, and other versions before v3.15.0), as well as UAA bosh releases (13.x before v13.12, 24.x befor...
CVE-2017-4992
CVE-2017-4992 affects Cloud Foundry components including cf-release prior to v261 and UAA releases prior to the fixed versions (2.x before 2.7.4.17, 3.6.x before 3.6.11, 3.9.x before 3.9.13, and other versions before v4.2.0; UAA bosh releases 13.x before 13.15, 24.x before 24.10, 30.x be...
CVE-2016-4468
CVE-2016-4468 describes a SQL injection vulnerability in Cloud Foundry components (PCF before v238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; Ops Manager 1.7.x before 1.7.8) ...
CVE-2017-4960
The CVE-2017-4960 issue affects Cloud Foundry components where the UAA OAuth clients can be subjected to a denial-of-service due to the lockout feature. Affected are Cloud Foundry release v247–v252, UAA standalone releases v3.9.0–v3.11.0, and UAA Bosh Releases v21–v26. If exploited, this could im...
CVE-2017-4974
CVE-2017-4974 is a blind SQL injection vulnerability affecting Cloud Foundry Foundation components: cf-release versions prior to v258 and UAA releases prior to v2.7.4.15 (2.x), v3.6.9 (3.6.x), v3.9.11 (3.9.x), and prior to v3.16.0 in general, plus uaa-release bosh releases prior to v13.13, v24.8,...
CVE-2017-4994
CVE-2017-4994 affects Cloud Foundry components including cf-release prior to v263 and UAA releases earlier than v2.7.4.18 (2.x), v3.6.12 (3.6.x), v3.9.14 (3.9.x), and v4.3.0+ for other lines, plus UAA Bosh releases prior to v13.16, v24.11, and v30.4. The issue is with forwarded HTTP headers in UA...
CVE-2017-8032
CVE-2017-8032 affects Cloud Foundry components (cf-release and UAA) where zone administrators can escalate privileges when mapping permissions for external providers. Affected versions include cf-release before v264; UAA v2.x.x; 3.6.x before 3.6.13; 3.9.x before 3.9.15; 3.20.x before 3.20.0; and ...
CVE-2016-6636
CVE-2016-6636 affects Pivotal Cloud Foundry components and related UAA releases. The vulnerability arises from improper validation of redirect_uri subdomains in the OAuth authorization flow, enabling a remote attacker to obtain implicit access tokens by using a modified subdomain. Affected softwa...
CVE-2017-4972
CVE-2017-4972 describes a blind SQL injection vulnerability in Cloud Foundry components: cf-release before v257; UAA 2.x before v2.7.4.14, 3.6.x before v3.6.8, 3.9.x before v3.9.10, and other versions before v3.15.0; and UAA Release (uaa-release) 13.x before v13.12, 24.x before v24.7, and other v...
CVE-2016-6659
CVE-2016-6659 affects Cloud Foundry components: Cloud Foundry release v247 and earlier, UAA 2.x up to 2.7.4.12, UAA 3.x up to 3.6.5, and 3.7.x–3.9.x up to 3.9.3, plus the UAA bosh release (uaa-release) up to v13.9 (for 3.6.5) or v24 (for 3.9.3). The root cause is an elevation of privilege through...
CVE-2016-3084
CVE-2016-3084 affects the Cloud Foundry UAA password reset flow, vulnerable to brute force when using the internal UAA user store. The issue occurs due to multiple active reset codes at a given time and does not apply to deployments using SAML/LDAP. Affected products/versions include Cloud Foundr...
CVE-2016-6637
CVE-2016-6637 involves multiple CSRF vulnerabilities in Pivotal Cloud Foundry (PCF) and related components. The Cloud Foundry release v241 and earlier, UAA releases v2.0.0–v2.7.4.6 and v3.0.0–v3.6.0, and UAA bosh releases up to v15 are affected. The flaw arises because the profile and authorize a...
CVE-2016-0781
The CVE-2016-0781 issue affects Cloud Foundry ecosystem components: UAA OAuth approval pages in Cloud Foundry v208–v231, Login-server v1.6–v1.14, UAA v2.0.0–v2.7.4.1, UAA v3.0.0–v3.2.0, UAA-Release v2–v7, and Pivotal Elastic Runtime 1.6.x before 1.6.20. The vulnerability is an XSS flaw introduced...
CVE-2016-6651
CVE-2016-6651 affects the UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF), including PCF prior to v243 and UAA releases up to specific versions (UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime and Ops Manager acro...