Vulnerabilities > Cloudfoundry > UAA Release > 45.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-26 | CVE-2019-11279 | Improper Privilege Management vulnerability in Cloudfoundry UAA Release CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. | 6.5 |
| 2019-04-25 | CVE-2019-3801 | Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment and Credhub Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. | 5.0 |
| 2019-04-25 | CVE-2019-3788 | Open Redirect vulnerability in Cloudfoundry UAA Release Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. | 5.8 |
| 2019-03-07 | CVE-2019-3775 | Improper Authentication vulnerability in Cloudfoundry UAA Release Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. | 4.0 |