Pivotal Software vulnerabilities

DATE        CVE             VULNERABILITY TITLE
(each entry: description, then attack vector / attack complexity / vendor and CWE tags / RISK score)
2020-09-19  CVE-2020-5421  Reflected File Download (RFD) protection bypass in Pivotal Software Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
Attack vector: network | Attack complexity: high | Tags: pivotal-software | Risk: 3.6
2020-08-31  CVE-2020-5419  Uncontrolled Search Path Element vulnerability in Pivotal Software RabbitMQ
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting vulnerability that allows arbitrary code execution.
Attack vector: local | Attack complexity: low | Tags: pivotal-software, CWE-427 | Risk: 4.6
2020-08-12  CVE-2020-5415  Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse
Concourse, versions prior to 6.3.1 and 6.4.1, in installations that use the GitLab auth connector, is vulnerable to identity spoofing: because team access is matched on the user's full name, an attacker can configure a GitLab account with the same full name as another user who has been granted access to a Concourse team.
Attack vector: network | Attack complexity: low | Tags: pivotal-software, CWE-290 | Risk: 6.4
2020-06-11  CVE-2020-5411  Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Batch
Spring Batch configures Jackson with default typing enabled; when default typing is enabled, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution.
Risk: 6.8
2020-05-14  CVE-2020-5408  Use of Insufficiently Random Values vulnerability in Pivotal Software Spring Security
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC mode in the implementation of the queryable text encryptor.
Attack vector: network | Attack complexity: low | Tags: pivotal-software, CWE-330 | Risk: 4.0
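The weakness behind CVE-2020-5408, shown as an added Go example that is not Spring Security's code: AES-CBC under a fixed all-zero IV is deterministic, so identical plaintexts give identical ciphertexts and two records that share a leading 16-byte block give an identical first ciphertext block, which anyone who can read the stored values can observe without the key. The hardened variant draws a fresh random IV per message and prepends it to the ciphertext. The key and the two account records are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// pkcs7Pad pads msg to a multiple of the AES block size.
func pkcs7Pad(msg []byte) []byte {
	n := aes.BlockSize - len(msg)%aes.BlockSize
	return append(msg, bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptCBCFixedIV mirrors the weak pattern: every call uses the same all-zero IV,
// so the output is a deterministic function of key and plaintext.
func encryptCBCFixedIV(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // fixed null IV: the vulnerable choice
	padded := pkcs7Pad(append([]byte(nil), plaintext...))
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// encryptCBCRandomIV is the hardened form: a fresh random IV per message,
// prepended to the ciphertext so the decryptor can recover it.
func encryptCBCRandomIV(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...))
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

// sharedPrefixBlocks counts the leading 16-byte blocks that are identical in a and b:
// this is exactly what an observer of the stored ciphertexts can learn.
func sharedPrefixBlocks(a, b []byte) int {
	n := 0
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key for the demo
	// Two constructed records sharing a 16-byte prefix (the account identifier).
	p1 := []byte("ACCOUNT-00001234 balance=100")
	p2 := []byte("ACCOUNT-00001234 balance=999")
	c1, _ := encryptCBCFixedIV(key, p1)
	c2, _ := encryptCBCFixedIV(key, p2)
	fmt.Println("fixed IV, shared leading blocks:", sharedPrefixBlocks(c1, c2))
	r1, _ := encryptCBCRandomIV(key, p1)
	r2, _ := encryptCBCRandomIV(key, p1)
	fmt.Println("random IV, same plaintext, shared leading blocks:", sharedPrefixBlocks(r1, r2))
}
```

With the fixed IV the two records share their first ciphertext block (and encrypting the same record twice yields byte-identical output), so rows can be grouped by equal prefixes straight from the database; with a random IV two encryptions of the same plaintext share nothing, because the first 16 bytes are the IV itself. A deliberately queryable encryptor is deterministic by design, so the practical rule is to treat such ciphertexts as revealing equality and never to use them for data where that leak matters.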
2020-05-14  CVE-2020-5409  Open Redirect vulnerability in Pivotal Software Concourse
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow.
Risk: 5.8
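A same-origin check for a post-login redirect target, as an added Go example that is not Concourse's own login code: only a path beginning with a single slash, or an absolute URL whose scheme and host exactly match the expected origin, is honoured; protocol-relative, foreign-host, userinfo-tricked, backslash and non-http scheme values fall back to a default path. The expected origin, fallback and sample inputs are assumptions for the demonstration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeRedirectTarget validates a user-supplied "return to" value from a login flow.
// It accepts only same-origin targets; anything else yields fallback.
func safeRedirectTarget(raw, expectedScheme, expectedHost, fallback string) string {
	// Reject control characters and backslashes up front: some browsers treat "\" as "/",
	// so "/\evil.example" would parse here as a relative path yet navigate off-site.
	if raw == "" || strings.ContainsAny(raw, "\\\r\n\t\x00") {
		return fallback
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fallback
	}
	switch {
	case u.Scheme == "" && u.Host == "" && u.Opaque == "":
		// Path-only value such as "/teams/main/pipelines". "//evil.example" never reaches
		// this branch because url.Parse assigns it a Host; a missing leading slash is rejected too.
		if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
			return fallback
		}
		return u.String()
	case u.Scheme == expectedScheme && strings.EqualFold(u.Host, expectedHost):
		// Absolute URL back to our own origin. Host includes any explicit port, so
		// "https://concourse.example:8443/" would not match "concourse.example".
		return u.String()
	default:
		// Foreign host, "user@host" tricks, javascript:/data: schemes, etc.
		return fallback
	}
}

func main() {
	// Constructed inputs; the expected origin is assumed to be https://concourse.example.
	for _, in := range []string{
		"/teams/main",
		"https://concourse.example/teams/main",
		"//evil.example/x",
		"https://evil.example/",
		"https://concourse.example@evil.example/",
		"javascript:alert(1)",
	} {
		fmt.Printf("%-42s -> %s\n", in, safeRedirectTarget(in, "https", "concourse.example", "/"))
	}
}
```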
2020-05-13  CVE-2020-5407  Improper Verification of Cryptographic Signature vulnerability in Pivotal Software Spring Security
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation.
Attack vector: network | Attack complexity: low | Tags: pivotal-software, CWE-347 | Risk: 6.5
2020-02-12  CVE-2020-5399  Cleartext Transmission of Sensitive Information vulnerability in multiple products
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS.
Risk: 5.8
2020-01-17  CVE-2020-5397  Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Framework 5.2.0/5.2.1/5.2.2
Spring Framework, versions 5.2.x prior to 5.2.3, are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
Attack vector: network | Attack complexity: high | Tags: pivotal-software, CWE-352 | Risk: 2.6
2020-01-17  CVE-2020-5398  Download of Code Without Integrity Check vulnerability in Pivotal Software Spring Framework
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.
Attack vector: network | Attack complexity: high | Tags: pivotal-software, CWE-494 | Risk: 7.6
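The hardening a practitioner wants for the two RFD entries on this page (CVE-2020-5398 and CVE-2020-5421), as an added Go example that is not Spring Framework's code: the vulnerable pattern copies a user-supplied filename into Content-Disposition, handing the caller both the saved extension (a .bat that runs when opened) and, via quotes and semicolons, the rest of the header; the safe version derives the filename on the server, discards directory components, query strings and ";jsessionid=..." path parameters, keeps a conservative character set, forces an allowlisted extension, and sends X-Content-Type-Options: nosniff. The extension allowlist and the sample inputs are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"strings"
)

// allowedExt is the (constructed) allowlist of extensions this endpoint may hand to a browser.
// Executable or script-like extensions (.bat, .cmd, .exe, .js, .html, ...) are deliberately absent.
var allowedExt = map[string]bool{".txt": true, ".csv": true, ".json": true, ".pdf": true}

// vulnerableDisposition reproduces the pattern described for CVE-2020-5398: the filename
// attribute is taken verbatim from user input. Do not use this form.
func vulnerableDisposition(userSupplied string) string {
	return "attachment; filename=" + userSupplied
}

// safeFilename reduces a user-influenced name (query value, last path segment, ...) to a
// server-controlled one. The browser may otherwise build a name from the URL tail, including
// a ";jsessionid=...bat" path parameter, so the server must decide the name itself.
func safeFilename(requested string) string {
	name := requested
	if i := strings.IndexAny(name, "?#"); i >= 0 { // drop query string and fragment
		name = name[:i]
	}
	name = path.Base(strings.ReplaceAll(name, "\\", "/")) // drop directories, either slash style
	if i := strings.IndexByte(name, ';'); i >= 0 { // ";jsessionid=..." is not part of the name
		name = name[:i]
	}
	var b strings.Builder
	for _, r := range name { // keep only [A-Za-z0-9._-]; this also removes quotes and spaces
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9', r == '.', r == '_', r == '-':
			b.WriteRune(r)
		}
	}
	name = strings.Trim(b.String(), ".")
	ext := strings.ToLower(path.Ext(name))
	stem := strings.TrimSuffix(name, path.Ext(name))
	if stem == "" {
		stem = "download"
	}
	if !allowedExt[ext] { // anything outside the allowlist is served as plain text
		ext = ".txt"
	}
	return stem + ext
}

// writeDownload is the hardened response: server-chosen, quoted filename plus nosniff so the
// browser cannot reinterpret the body as a different type.
func writeDownload(w http.ResponseWriter, requestedName, contentType string, body []byte) {
	name := safeFilename(requestedName)
	w.Header().Set("Content-Type", contentType)
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%q", name))
	w.WriteHeader(http.StatusOK)
	w.Write(body)
}

func main() {
	attacker := `x.txt";filename="setup.bat` // constructed header-injection attempt
	fmt.Println("vulnerable:", vulnerableDisposition(attacker))
	fmt.Println("hardened:  ", safeFilename(attacker))
	fmt.Println("path param:", safeFilename("/api/data;jsessionid=ABC.bat"))
	fmt.Println("traversal: ", safeFilename("../../evil.bat"))
}
```

The sanitizer is only half of the defence: the body of an RFD response is attacker-influenced too (an echoed parameter or a JSONP callback name), so the endpoint should also refuse to reflect unvalidated input and should serve JSON with a non-script content type and nosniff.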