Vulnerabilities > Cloudfoundry

DATE CVE VULNERABILITY TITLE RISK
2017-06-13 CVE-2017-4991 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36.
network
low complexity
pivotal-software cloudfoundry CWE-269
7.2
2017-06-13 CVE-2017-4974 SQL Injection vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1.
network
low complexity
pivotal-software cloudfoundry CWE-89
6.5
2017-06-13 CVE-2017-4973 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30.
network
low complexity
pivotal-software cloudfoundry CWE-269
8.8
2017-06-13 CVE-2017-4972 SQL Injection vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30.
network
low complexity
pivotal-software cloudfoundry CWE-89
7.5
2017-06-13 CVE-2017-4970 Unspecified vulnerability in Cloudfoundry Cf-Release and Staticfile Buildpack
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3.
network
high complexity
cloudfoundry
5.9
2017-06-13 CVE-2016-8219 Improper Privilege Management vulnerability in Cloudfoundry Capi-Release and Cf-Release
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0.
network
low complexity
cloudfoundry CWE-269
6.5
2017-06-13 CVE-2016-8218 Improper Input Validation vulnerability in Cloudfoundry Cf-Release
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231.
network
low complexity
cloudfoundry CWE-20
critical
9.8
2017-06-13 CVE-2016-6655 Command Injection vulnerability in Cloudfoundry Cf-Mysql-Release
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31.
network
low complexity
cloudfoundry CWE-77
critical
9.8
2017-05-25 CVE-2016-3084 Permissions, Privileges, and Access Controls vulnerability in multiple products
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time.
network
high complexity
pivotal-software cloudfoundry CWE-264
8.1
2017-05-25 CVE-2016-2165 Improper Input Validation vulnerability in multiple products
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response.
network
low complexity
pivotal-software cloudfoundry CWE-20
6.5