Vulnerabilities > Pivotal Software > Cloud Foundry UAA Release > 11.7

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-11	CVE-2019-11268	Information Exposure vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. network low complexity pivotal-software CWE-200	4.0
2019-06-19	CVE-2019-3787	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. network pivotal-software CWE-640	4.3
2017-04-24	CVE-2016-5016	Improper Certificate Validation vulnerability in Pivotal Software products Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. network pivotal-software CWE-295	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.