Vulnerabilities > Cloudfoundry > User Account AND Authentication > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-28 | CVE-2023-20903 | Insufficient Session Expiration vulnerability in Cloudfoundry User Account and Authentication. This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. | 4.3 |
2021-08-11 | CVE-2021-22098 | Open Redirect vulnerability in Cloudfoundry User Account and Authentication. UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. | 6.1 |
2019-12-06 | CVE-2019-11293 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment. Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. | 6.5 |
2019-08-09 | CVE-2019-11274 | Cross-site Scripting vulnerability in Cloudfoundry User Account and Authentication. Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. | 6.1 |