Cloud Foundry Uaa Security Vulnerabilities and Issues — Cloud Foundry Uaa CVE List

Lucene search

Pivotal SoftwareCloud Foundry Uaa

3 matches found

CVE•added 2019/08/05 5:15 p.m.•45 views

CVE-2019-11270

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

7.5CVSS7.3AI score0.00229EPSS

CVE•added 2019/10/23 4:15 p.m.•40 views

CVE-2019-11282

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

4.3CVSS4.3AI score0.00303EPSS

CVE•added 2019/07/18 4:15 p.m.•40 views

CVE-2019-3794

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.

6.5CVSS5.6AI score0.00306EPSS