Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:20867
HistoryJul 19, 2019 - 10:43 p.m.

Clickjacking

2019-07-1922:43:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

EPSS

0.001

Percentile

49.6%

JSON

cloudfoundry-identity-server is vulnerable to clickjacking attacks. It was discovered that it does not use content security policy X-FRAME-OPTIONS header on various email-endpoints which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions during the account login.

Related

prion 1
cve 1
cloudfoundry 1
cvelist 1
osv 1
nvd 1
prion
prion
Code injection
2019-07-18 16:15:00
cve
cve
CVE-2019-3794
2019-07-18 16:15:12
cloudfoundry
cloudfoundry
CVE-2019-3794: UAA - Login app subject to clickjacking attack | Cloud Foundry
2019-07-09 00:00:00
cvelist
cvelist
CVE-2019-3794 UAA - Login app subject to clickjacking attack
2019-07-18 15:47:00
osv
osv
CVE-2019-3794
2019-07-18 16:15:12
nvd
nvd
CVE-2019-3794
2019-07-18 16:15:12

EPSS

0.001

Percentile

49.6%

JSON
Related for VERACODE:20867
prion1cve1cloudfoundry1cvelist1osv1nvd1