Vulnerabilities > Cloudfoundry
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-06 | CVE-2019-11293 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. | 3.5 |
| 2019-11-26 | CVE-2019-11290 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. | 7.5 |
| 2019-11-19 | CVE-2019-11289 | Improper Input Validation vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. | 7.8 |
| 2019-10-23 | CVE-2019-11283 | Information Exposure Through Log Files vulnerability in multiple products Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. | 4.0 |
| 2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.0 |
| 2019-09-26 | CVE-2019-11279 | Improper Privilege Management vulnerability in Cloudfoundry UAA Release CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. | 6.5 |
| 2019-09-26 | CVE-2019-11278 | Improper Input Validation vulnerability in Cloudfoundry User Account and Authentication CF UAA versions prior to 74.1.0, allow external input to be directly queried against. | 7.5 |
| 2019-09-23 | CVE-2019-11277 | Injection vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. | 5.5 |
| 2019-08-09 | CVE-2019-11274 | Cross-site Scripting vulnerability in Cloudfoundry User Account and Authentication Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. | 4.3 |
| 2019-04-25 | CVE-2019-3801 | Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment and Credhub Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. | 5.0 |