Vulnerabilities > Pivotal Software > Application Service > 2.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-19 | CVE-2019-11276 | Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. | 5.4 |
| 2019-08-05 | CVE-2019-11270 | Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess. | 7.5 |
| 2019-03-07 | CVE-2019-3777 | Improper Certificate Validation vulnerability in Pivotal Software Application Service Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. | 9.8 |