Vulnerabilities > Pivotal Software > Application Service > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-19 CVE-2019-11276 Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http.
low complexity
pivotal-software CWE-319
4.8
2019-08-05 CVE-2019-11270 7PK - Security Features vulnerability in Pivotal Software products
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
network
low complexity
pivotal-software CWE-254
5.0
2019-04-24 CVE-2019-3793 Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP.
network
low complexity
pivotal-software CWE-319
5.0
2019-03-07 CVE-2019-3777 Improper Certificate Validation vulnerability in Pivotal Software Application Service
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs.
network
low complexity
pivotal-software CWE-295
5.0