Vulnerabilities > Pivotal Software > Cloud Foundry UAA Release > 11.7

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-11	CVE-2019-11268	Improper Encoding or Escaping of Output vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. network low complexity pivotal-software CWE-116	4.3
2019-06-19	CVE-2019-3787	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. network low complexity pivotal-software CWE-640	8.8
2017-06-13	CVE-2017-4963	Session Fixation vulnerability in Pivotal Software Cloud Foundry UAA An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. network high complexity pivotal-software CWE-384	8.1
2017-04-24	CVE-2016-5016	Improper Certificate Validation vulnerability in Pivotal Software products Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. network high complexity pivotal-software CWE-295	5.9

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.