Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-110609
HistoryOct 22, 2019 - 12:00 a.m.

Cloud Foundry UAA CVE-2019-11282 Information Disclosure Vulnerability

2019-10-2200:00:00
Symantec Security Response
www.symantec.com
16

EPSS

0.001

Percentile

34.3%

JSON

Description

Cloud Foundry UAA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cloud Foundry UAA versions prior to 74.3.0 are vulnerable.

Technologies Affected

  • Cloud Foundry UAA 63.0
  • Cloud Foundry UAA 64.0
  • Cloud Foundry UAA 72.0
  • Cloud Foundry UAA 73.0.0
  • Cloud Foundry UAA 73.3.0
  • Cloud Foundry UAA 73.4.0
  • Cloud Foundry UAA 73.4.2
  • Cloud Foundry UAA 74.0.0
  • Cloud Foundry cf-deployment 0.35.0
  • Cloud Foundry cf-deployment 0.36.0
  • Cloud Foundry cf-deployment 10.0.0
  • Cloud Foundry cf-deployment 10.1.0
  • Cloud Foundry cf-deployment 11.0.0
  • Cloud Foundry cf-deployment 11.1.0
  • Cloud Foundry cf-deployment 7.3.0
  • Cloud Foundry cf-deployment 7.4.0
  • Cloud Foundry cf-deployment 7.5.0
  • Cloud Foundry cf-deployment 7.6.0
  • Cloud Foundry cf-deployment 7.7.0
  • Cloud Foundry cf-deployment 7.8.0
  • Cloud Foundry cf-deployment 7.9.0
  • Cloud Foundry cf-deployment 9.0.0
  • Cloud Foundry cf-deployment 9.1.0
  • Cloud Foundry cf-deployment 9.2.0
  • Cloud Foundry cf-deployment 9.3.0
  • Cloud Foundry cf-deployment 9.4.0
  • Cloud Foundry cf-deployment 9.5.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, block access at the network perimeter to computers hosting the vulnerable device.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Updates are available. Please see the references or vendor advisory for more information.

Related

veracode 1
osv 1
prion 1
nvd 1
cve 1
cloudfoundry 1
cvelist 1
veracode
veracode
Information Disclosure
2019-10-29 06:58:09
osv
osv
CVE-2019-11282
2019-10-23 16:15:11
prion
prion
Sql injection
2019-10-23 16:15:00
nvd
nvd
CVE-2019-11282
2019-10-23 16:15:11
cve
cve
CVE-2019-11282
2019-10-23 16:15:11
cloudfoundry
cloudfoundry
CVE-2019-11282: UAA is vulnerable to a Blind SCIM injection leading to information disclosure | Cloud Foundry
2019-10-22 00:00:00
cvelist
cvelist
CVE-2019-11282 UAA is vulnerable to a Blind SCIM injection leading to information disclosure
2019-10-23 15:28:24

EPSS

0.001

Percentile

34.3%

JSON
Related for SMNTC-110609
veracode1osv1prion1nvd1cve1cloudfoundry1cvelist1