Vulnerabilities > Pivotal Software > Cloud Foundry UAA > 4.8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.0 |
| 2019-08-05 | CVE-2019-11270 | 7PK - Security Features vulnerability in Pivotal Software products Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess. | 5.0 |
| 2019-07-18 | CVE-2019-3794 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. | 4.3 |
| 2018-11-19 | CVE-2018-15761 | Unspecified vulnerability in Pivotal Software Cloud Foundry UAA and Cloudfoundry UAA Release Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. | 6.5 |
| 2018-06-25 | CVE-2018-11041 | Open Redirect vulnerability in Pivotal Software Cloud Foundry UAA and Cloud Foundry Uaa-Release Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. | 5.8 |
| 2018-02-01 | CVE-2018-1192 | Information Exposure vulnerability in Pivotal Software products In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. | 6.5 |