Vulnerabilities > Pivotal

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-34061 Resource Exhaustion vulnerability in Pivotal Cloud Foundry Deployment
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DoS attack.
network
low complexity
pivotal CWE-400
7.5
2023-11-28 CVE-2023-34054 Unspecified vulnerability in Pivotal Reactor Netty
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
network
low complexity
pivotal
7.5
2023-11-15 CVE-2023-34062 Path Traversal vulnerability in Pivotal Reactor Netty
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
network
low complexity
pivotal CWE-22
7.5
2023-06-16 CVE-2023-20885 Information Exposure Through Log Files vulnerability in Pivotal products
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.
network
low complexity
pivotal CWE-532
6.5
2022-10-19 CVE-2022-31684 Unspecified vulnerability in Pivotal Reactor Netty
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests.
network
low complexity
pivotal
4.3
2022-04-21 CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application.
network
low complexity
pivotal oracle
6.5
2020-03-20 CVE-2019-19029 SQL Injection vulnerability in multiple products
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
network
low complexity
linuxfoundation pivotal CWE-89
7.2
2020-03-20 CVE-2019-19026 SQL Injection vulnerability in multiple products
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
network
low complexity
linuxfoundation pivotal CWE-89
4.9
2020-03-20 CVE-2019-19025 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
network
low complexity
linuxfoundation pivotal CWE-352
8.8
2020-03-20 CVE-2019-19023
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
network
low complexity
linuxfoundation pivotal
8.8