Vulnerabilities > Cloudfoundry > User Account AND Authentication > 74.10.0

DATE CVE VULNERABILITY TITLE RISK
2021-08-11 CVE-2021-22098 Open Redirect vulnerability in Cloudfoundry User Account and Authentication
UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability.
network
low complexity
cloudfoundry CWE-601
6.1
6.1
2021-07-22 CVE-2021-22001 Unspecified vulnerability in Cloudfoundry User Account and Authentication
In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.
network
low complexity
cloudfoundry
7.5
7.5
2020-02-27 CVE-2020-5402 Cross-Site Request Forgery (CSRF) vulnerability in Cloudfoundry Cf-Deployment
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
network
low complexity
cloudfoundry CWE-352
8.8
8.8