EPSS
Percentile
34.3%
cloudfoundry-identity-server is vulnerable to information disclosure. A remotely authenticated attacker with scim.invite scope is able to obtain information about users of the UAA via blind SCIM injection through the email parameter.
scim.invite
email
www.cloudfoundry.org/blog/cve-2019-11282
www.cloudfoundry.org/blog/cve-2019-11282/