Vulnerabilities > Pivotal Software > Cloud Foundry UAA > 24

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-23	CVE-2019-11282	Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. network low complexity cloudfoundry pivotal-software CWE-74	4.3
2019-08-05	CVE-2019-11270	Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess. network low complexity pivotal-software CWE-732	7.5
2019-07-18	CVE-2019-3794	Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. network low complexity pivotal-software CWE-1021	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.