Vulnerabilities > Pivotal Software > Cloud Foundry Elastic Runtime
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-11 | CVE-2016-0715 | Information Exposure vulnerability in Pivotal Software Cloud Foundry Elastic Runtime Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. | 5.9 |
| 2018-03-29 | CVE-2016-6658 | Information Exposure vulnerability in multiple products Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. | 9.6 |
| 2017-10-24 | CVE-2015-5173 | Information Exposure vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage." | 8.8 |
| 2017-10-24 | CVE-2015-5172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | 9.8 |
| 2017-10-24 | CVE-2015-5171 | Insufficient Session Expiration vulnerability in multiple products The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | 9.8 |
| 2017-10-24 | CVE-2015-5170 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | 8.8 |
| 2017-06-13 | CVE-2017-4959 | Unspecified vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. | 8.8 |
| 2017-06-13 | CVE-2017-4955 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. | 9.8 |
| 2017-06-13 | CVE-2017-2773 | Improper Input Validation vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. | 9.8 |
| 2017-05-25 | CVE-2016-3084 | Permissions, Privileges, and Access Controls vulnerability in multiple products The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. | 8.1 |