Cloud Foundry User Account and Authentication (UAA) is vulnerable to session fixation attacks. These attacks are possible when UAA is configured to authenticate against OpenID Connect or external SAML-based identity providers.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | org.cloudfoundry.identity:cloudfoundry-identity-common | le | 2.7.4.9 |
| | uaa server | eq | 3.10.0 |
| | uaa server | le | 3.9.1 |
| | uaa server | le | 3.4.5 |
| | uaa | eq | 3.10.0 |
| | uaa | le | 2.7.4.9 |
| | uaa | le | 3.9.1 |
| | uaa | le | 3.4.4 |