Lucene search

K
Pivotal SoftwareCloud Foundry Uaa

7 matches found

CVE
CVE
added 2018/05/15 8:29 p.m.53 views

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin...

7.2CVSS7AI score0.00428EPSS
CVE
CVE
added 2018/07/24 7:29 p.m.46 views

CVE-2018-11047

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer ...

7.5CVSS7.3AI score0.00278EPSS
CVE
CVE
added 2019/08/05 5:15 p.m.45 views

CVE-2019-11270

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

7.5CVSS7.3AI score0.00229EPSS
CVE
CVE
added 2017/03/10 1:59 a.m.41 views

CVE-2017-4960

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

7.5CVSS7.3AI score0.00451EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.39 views

CVE-2017-4972

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12,...

7.5CVSS7.8AI score0.00278EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.38 views

CVE-2017-4991

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14...

7.2CVSS6.9AI score0.0028EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.37 views

CVE-2017-4994

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16,...

7.5CVSS7.4AI score0.00255EPSS