Vulnerabilities in Pivotal Software Cloud Foundry UAA Release (severity: Medium)

Each record lists: DATE, CVE, VULNERABILITY TITLE and description, then (where the page records them) attack vector, attack complexity, vendor and CWE, and the RISK score.
2019-07-11  CVE-2019-11268  Information Exposure vulnerability in Pivotal Software Cloud Foundry Uaa-Release
  Cloud Foundry UAA versions prior to 73.3.0 contain endpoints that perform improper escaping.
  Attack vector: network; attack complexity: low; vendor: pivotal-software; CWE-200
  Risk: 4.0
2019-06-19  CVE-2019-3787  Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release
  Cloud Foundry UAA versions prior to 73.0.0, when no email address is provided for a user and the user name does not contain an @ character, fall back to deriving the address by appending "unknown.org" to the user name. Password-recovery mail for such accounts is therefore routed to a domain the deployment does not control.
  Risk: 4.3
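The following is an added example, not code from UAA or from this listing. It mirrors the fallback as the entry describes it beside a hardened variant that refuses to invent an address, and adds an audit helper that scans SCIM-style user records for addresses the fallback would have produced. The exact synthesized form "<user name>@unknown.org", the SCIM field names (userName, emails[].value) and the sample records are assumptions constructed for the example.

```python
import json
from typing import Dict, Iterable, List, Optional

# Assumption: the fallback yields "<user name>@unknown.org". The listing only
# says "unknown.org" is appended when no email is given and the name has no "@".
FALLBACK_DOMAIN = "unknown.org"


def vulnerable_derive_email(username: str, email: Optional[str]) -> str:
    """Reproduce the pre-73.0.0 behaviour described in the entry: if no email
    is supplied and the user name contains no "@", synthesize one under the
    fallback domain. This is the weak path; it exists here for comparison."""
    if email:
        return email
    if "@" in username:
        return username
    return f"{username}@{FALLBACK_DOMAIN}"


def hardened_derive_email(username: str, email: Optional[str]) -> str:
    """Hardened variant: never synthesize. Accept an explicit email, or a user
    name that is itself an email; otherwise fail so that password recovery can
    never be sent to a domain the operator does not control."""
    candidate = email if email else (username if "@" in username else None)
    if not candidate or "@" not in candidate:
        raise ValueError(f"user {username!r} has no usable email address")
    return candidate


def find_synthesized_accounts(users: Iterable[Dict]) -> List[str]:
    """Audit helper: return user names whose stored email is exactly
    <userName>@unknown.org, i.e. most likely produced by the fallback.
    Comparison is case-insensitive because mail domains are."""
    hits: List[str] = []
    for user in users:
        name = user.get("userName", "")
        expected = f"{name}@{FALLBACK_DOMAIN}".lower()
        for entry in user.get("emails", []):
            if entry.get("value", "").lower() == expected:
                hits.append(name)
                break
    return hits


# Constructed sample export in SCIM style (not real data).
SAMPLE_USERS = json.loads("""
[
  {"userName": "alice", "emails": [{"value": "alice@unknown.org"}]},
  {"userName": "bob@corp.example", "emails": [{"value": "bob@corp.example"}]},
  {"userName": "carol", "emails": [{"value": "carol@corp.example"}]},
  {"userName": "dave", "emails": [{"value": "DAVE@Unknown.org"}]}
]
""")


if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(u["userName"], "->", vulnerable_derive_email(u["userName"], None))
    print("accounts with synthesized addresses:", find_synthesized_accounts(SAMPLE_USERS))
```

Run the audit against a SCIM user export of a UAA older than 73.0.0 (or one upgraded from such a version, since stored addresses persist) and give every hit a verified address before relying on the forgotten-password flow.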
2018-12-13  CVE-2018-15754  Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release
  Cloud Foundry UAA versions 60 and later, prior to 66.0, contain an authorization logic error.
  Attack vector: network; attack complexity: low; vendor: pivotal-software; CWE-863
  Risk: 4.0
2018-06-25  CVE-2018-11041  Open Redirect vulnerability in Pivotal Software Cloud Foundry UAA and Cloud Foundry Uaa-Release
  Cloud Foundry UAA versions later than 4.6.0 and prior to 4.19.0 (except 4.10.1 and 4.7.5), and uaa-release versions later than v48 and prior to v60 (except v55.1 and v52.9), do not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects.
  Risk: 5.8
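The following is an added example, not UAA's code and not from this listing. It contrasts an unvalidated redirect parameter of the kind the entry describes with a validator that only lets the login page redirect to itself: site-relative paths or absolute https URLs on the expected host. It also covers the usual bypasses a validator that merely checks for a leading slash would miss. The parameter name, the host name and the sample values are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Hypothetical name; the entry does not identify the vulnerable form field.
REDIRECT_PARAM = "form_redirect_uri"


def vulnerable_resolve_redirect(value: str) -> str:
    """The weak pattern: whatever the form parameter says is where the user goes."""
    return value


def is_safe_internal_redirect(value: str, own_host: str) -> bool:
    """Return True only if `value` keeps the browser on this UAA instance.

    Accepted: site-relative paths such as "/profile?x=1", and absolute https
    URLs whose host equals `own_host` exactly.
    Rejected: anything else, including protocol-relative "//evil.example",
    "https:evil.example", "https://own@evil.example", "javascript:" targets,
    backslash tricks ("/\\evil.example" is treated as "//evil.example" by
    browsers) and control characters or whitespace anywhere in the value.
    """
    if not value or len(value) > 2048:
        return False
    if any(ord(ch) < 0x21 for ch in value):
        return False
    if "\\" in value:
        return False
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # Site-relative: exactly one leading slash, never "//".
        return value.startswith("/") and not value.startswith("//")
    # Absolute: scheme and host must both match; userinfo or a port in the
    # authority makes netloc differ from own_host and is therefore rejected.
    return parts.scheme == "https" and parts.netloc.lower() == own_host.lower()


def resolve_redirect(value: str, own_host: str, default: str = "/") -> str:
    """Hardened resolution: use the parameter only when it passes validation,
    otherwise fall back to a fixed internal location."""
    return value if is_safe_internal_redirect(value, own_host) else default


if __name__ == "__main__":
    host = "login.example.com"
    samples = [
        "/profile",
        "https://login.example.com/oauth/authorize?client_id=app",
        "//evil.example/",
        "https://evil.example/",
        "https:evil.example",
        "https://login.example.com@evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:55} vulnerable -> {vulnerable_resolve_redirect(s)!r:45} "
              f"hardened -> {resolve_redirect(s, host)!r}")
```

The validator deliberately rejects absolute URLs with a port or userinfo and relative paths without a leading slash; being stricter than necessary on an internal redirect costs nothing, while being lenient is exactly what produced the open redirect.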
2018-05-15  CVE-2018-1262
  Cloud Foundry Foundation UAA versions 4.12.X and 4.13.X introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation.
  Attack vector: network; attack complexity: low; vendor: pivotal-software, cloudfoundry
  Risk: 6.5
2018-02-01  CVE-2018-1192  Information Exposure vulnerability in Pivotal Software products
  In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs.
  Attack vector: network; attack complexity: low; vendor: pivotal-software; CWE-200
  Risk: 6.5
2017-06-13  CVE-2017-4963  Session Fixation vulnerability in Pivotal Software products
  An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 and v3.0.0 - v3.11.0, and UAA bosh release v26 and earlier versions.
  Risk: 6.8
2017-04-24  CVE-2016-5016  Improper Certificate Validation vulnerability in Pivotal Software products
  Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not check whether a certificate has expired.
  Risk: 4.3