Vulnerabilities > Pivotal Software > Cloud Foundry UAA > 2.7.4

DATE CVE VULNERABILITY TITLE RISK
2019-10-23 CVE-2019-11282 Injection vulnerability in multiple products
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack.
network
low complexity
cloudfoundry pivotal-software CWE-74
4.0
4.0
2019-08-05 CVE-2019-11270 7PK - Security Features vulnerability in Pivotal Software products
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
network
low complexity
pivotal-software CWE-254
5.0
5.0
2019-07-18 CVE-2019-3794 Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. 		4.3
4.3
2018-11-19 CVE-2018-15761 Unspecified vulnerability in Pivotal Software Cloud Foundry UAA and Cloudfoundry UAA Release
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation.
network
low complexity
pivotal-software
6.5
6.5
2017-07-10 CVE-2017-8032 Improper Privilege Management vulnerability in multiple products
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 		6.0
6.0
2017-06-13 CVE-2017-4994 Improper Input Validation vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40.
network
low complexity
cloudfoundry pivotal-software CWE-20
5.0
5.0
2017-06-13 CVE-2017-4992 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37.
network
low complexity
pivotal-software cloudfoundry CWE-269
7.5
7.5
2017-06-13 CVE-2017-4991 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36.
network
low complexity
pivotal-software cloudfoundry CWE-269
6.5
6.5
2017-06-13 CVE-2017-4974 SQL Injection vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1.
network
low complexity
pivotal-software cloudfoundry CWE-89
4.0
4.0
2017-06-13 CVE-2017-4973 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30.
network
low complexity
cloudfoundry pivotal-software CWE-269
6.5
6.5