Vulnerabilities > Cloudfoundry > CF Release > 174

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-24	CVE-2015-5170	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. network cloudfoundry pivotal-software CWE-352	6.8
2017-10-04	CVE-2017-8047	Open Redirect vulnerability in multiple products In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. network cloudfoundry pivotal CWE-601	5.8
2017-08-31	CVE-2016-0713	Cross-site Scripting vulnerability in Cloudfoundry Cf-Release Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. network high complexity cloudfoundry CWE-79	4.7
2017-07-25	CVE-2017-8033	Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. network cloudfoundry CWE-22	6.8
2017-07-17	CVE-2017-8034	Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudfoundry Capi-Release, Cf-Release and Routing-Release The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. network cloudfoundry CWE-565	6.0
2017-06-13	CVE-2017-4992	Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. network low complexity pivotal-software cloudfoundry CWE-269	7.5
2017-06-13	CVE-2017-4991	Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. network low complexity pivotal-software cloudfoundry CWE-269	6.5
2017-06-13	CVE-2017-4974	SQL Injection vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. network low complexity pivotal-software cloudfoundry CWE-89	4.0
2017-06-13	CVE-2017-4972	SQL Injection vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. network low complexity pivotal-software cloudfoundry CWE-89	5.0
2017-06-13	CVE-2016-8219	Improper Privilege Management vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. network low complexity cloudfoundry CWE-269	4.0