3 matches found
CVE-2017-8044
Pivotal Single Sign-On for PCF is affected in versions 1.3.x prior to 1.3.4 and 1.4.x prior to 1.4.3. The vulnerability is a DOM-based XSS where code injected via query parameters can execute in the browser environment. Connected sources corroborate the same vulnerability description across multi...
CVE-2017-8040
CVE-2017-8040 affects Pivotal Cloud Foundry (PCF) Single Sign-On: XXE vulnerability in the SSO dashboard. Versions 1.3.x before 1.3.4 and 1.4.x before 1.4.3 are vulnerable; privileged users can upload malformed XML, potentially exposing data on the SSO service broker filesystem. Root cause is XML...
CVE-2017-8041
CVE-2017-8041 affects Pivotal Cloud Foundry’s Single Sign-On (PCF SSO). The vulnerability is a cross-site scripting flaw in the org-name field on certain SSO UI pages, exploitable in PCF SSO versions 1.3.x before 1.3.4 and 1.4.x before 1.4.3. The described impact is that a remote attacker can cau...