Latest Vulnerabilities Affecting Pivotal Software products

Date	CVE	Title	CVSS
2019-07-11	CVE-2019-11268	Information Leak / Disclosure vulnerability in Pivotal Software Cloud Foundry UAA Release	Medium
2019-06-26	CVE-2019-11272	Credentials Management vulnerability in Pivotal Software Spring Security	High
2019-06-19	CVE-2019-3787	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry UAA Release	Medium
2019-06-19	CVE-2019-11271	Information Leak / Disclosure vulnerability in Pivotal Software Bosh 267.2.0/270.0.0	Low
2019-06-12	CVE-2019-11269	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pivotal Software Spring Security Oauth	Medium
2019-06-06	CVE-2019-3790	Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager	Medium
2019-06-03	CVE-2019-3802	Information Leak / Disclosure vulnerability in Pivotal Software Spring Data Java Persistance API 1.11.0/2.0.0/2.1.0	Medium
2019-05-06	CVE-2019-3797	Information Leak / Disclosure vulnerability in Pivotal Software Spring Data Java Persistence API 1.11.0/2.0.0/2.1.0	Medium
2019-05-06	CVE-2019-3799	Path Traversal vulnerability in Pivotal Software Spring Cloud Config 1.4.0/2.0.0/2.1.0	Medium
2019-04-24	CVE-2019-3793	Authentication Issues vulnerability in Pivotal Software Application Service 665.0.0/666.0.0/667.0.0	Medium
2019-04-09	CVE-2019-3795	Insufficient Entropy in PRNG vulnerability in Pivotal Software Spring Security	Medium
2019-04-01	CVE-2019-3792	SQL Injection vulnerability in Pivotal Software Concourse 4.2.3/5.0.0	Medium
2019-03-07	CVE-2019-3777	Improper Certificate Validation vulnerability in Pivotal Software Application Service 2.2.0/2.3.0/2.4.0	Medium
2019-03-07	CVE-2019-3778	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pivotal Software Spring Security Oauth	Medium
2019-03-07	CVE-2019-3776	Cross-Site Scripting (XSS) vulnerability in Pivotal Software Operations Manager	Low

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.