Vulnerabilities > CVE-2019-3794 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
pivotal-software
CWE-1021
NVD
Published: 2019-07-18
Updated: 2020-10-16

Summary

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.

Vulnerable Configurations

Part Description Count
Application
Pivotal_Software
390

Common Weakness Enumeration (CWE)

References