Latest Vulnerabilities Affecting Pivotal Software products

Date	CVE	Title	CVSS
2019-05-06	CVE-2019-3797	Information Leak / Disclosure vulnerability in Pivotal Software Spring Data Java Persistence API 1.11.0/2.0.0/2.1.0	Medium
2019-05-06	CVE-2019-3799	Path Traversal vulnerability in Pivotal Software Spring Cloud Config 1.4.0/2.0.0/2.1.0	Medium
2019-04-24	CVE-2019-3793	Authentication Issues vulnerability in Pivotal Software Application Service 665.0.0/666.0.0/667.0.0	Medium
2019-04-09	CVE-2019-3795	Insufficient Entropy in PRNG vulnerability in Pivotal Software Spring Security	Medium
2019-04-01	CVE-2019-3792	SQL Injection vulnerability in Pivotal Software Concourse 4.2.3/5.0.0	Medium
2019-03-07	CVE-2019-3777	Improper Certificate Validation vulnerability in Pivotal Software Application Service 2.2.0/2.3.0/2.4.0	Medium
2019-03-07	CVE-2019-3778	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pivotal Software Spring Security Oauth	Medium
2019-03-07	CVE-2019-3776	Cross-Site Scripting (XSS) vulnerability in Pivotal Software Operations Manager	Low
2019-01-18	CVE-2019-3773	Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Pivotal Software Spring WEB Services 2.4.3	High
2019-01-18	CVE-2019-3774	Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Pivotal Software Spring Batch 3.0.9/4.1.0	High
2019-01-18	CVE-2019-3772	Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Oracle and Pivotal Software products	High
2019-01-12	CVE-2019-3803	Information Leak / Disclosure vulnerability in Pivotal Software Concourse 4.2.2	Medium
2018-12-19	CVE-2018-15801	Insufficient Verification of Data Authenticity vulnerability in Pivotal Software Spring Framework 5.1.0	Medium
2018-12-19	CVE-2018-15798	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pivotal Software Concourse 4.0.0	Medium
2018-12-13	CVE-2018-15754	Credentials Management vulnerability in Pivotal Software Cloud Foundry UAA Release 60.0	Medium

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.