Vulnerabilities > Pivotal Software > Cloud Foundry UAA Release > 8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-11 | CVE-2019-11268 | Information Exposure vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. | 4.0 |
2019-06-19 | CVE-2019-3787 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. | 4.3 |
2017-04-24 | CVE-2016-5016 | Improper Certificate Validation vulnerability in Pivotal Software products Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. | 4.3 |