Vulnerabilities > Cloudfoundry > User Account AND Authentication > High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-26	CVE-2019-11290	Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. network low complexity cloudfoundry CWE-532	7.5
2019-09-26	CVE-2019-11278	Improper Input Validation vulnerability in Cloudfoundry User Account and Authentication CF UAA versions prior to 74.1.0, allow external input to be directly queried against. network low complexity cloudfoundry CWE-20	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.