Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
Pivotal SoftwareCloud Foundry Uaa-release

8 matches found

CVE
CVEadded 2019/06/19 11:15 p.m.136 views

CVE-2019-3787

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to...

8.8CVSS8.8AI score0.00271EPSS
CVE
CVEadded 2018/05/15 8:29 p.m.53 views

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin...

7.2CVSS7AI score0.00428EPSS
CVE
CVEadded 2017/04/24 7:59 p.m.45 views

CVE-2016-5016

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

5.9CVSS5.7AI score0.00278EPSS
CVE
CVEadded 2018/06/25 3:29 p.m.38 views

CVE-2018-11041

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redire...

6.1CVSS6.2AI score0.00215EPSS
CVE
CVEadded 2018/12/13 10:29 p.m.38 views

CVE-2018-15754

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token...

8.8CVSS6.1AI score0.00417EPSS
CVE
CVEadded 2018/02/01 8:29 p.m.37 views

CVE-2018-1192

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions...

8.8CVSS8.4AI score0.00485EPSS
CVE
CVEadded 2019/07/11 6:15 p.m.35 views

CVE-2019-11268

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups...

6.5CVSS4.7AI score0.00357EPSS
CVE
CVEadded 2017/06/13 6:29 a.m.31 views

CVE-2017-4963

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAM...

8.1CVSS8AI score0.00387EPSS