Vulnerabilities > Pivotal Software

DATE CVE VULNERABILITY TITLE RISK
2017-05-25 CVE-2015-3190 Open Redirect vulnerability in multiple products
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
network
low complexity
pivotal-software cloudfoundry CWE-601
6.1
2017-05-25 CVE-2015-3189 Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one.
network
high complexity
pivotal-software cloudfoundry CWE-640
3.7
2017-05-25 CVE-2015-1834 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2.
network
low complexity
pivotal-software cloudfoundry CWE-22
6.5
2017-05-25 CVE-2014-0225 XXE vulnerability in multiple products
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration.
network
low complexity
pivotal-software vmware CWE-611
8.8
2017-05-02 CVE-2016-5006 Information Exposure vulnerability in Pivotal Software Cloud Foundry and Cloud Foundry Elastic Runtime
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
network
low complexity
pivotal-software CWE-200
critical
9.8
2017-04-24 CVE-2016-5016 Improper Certificate Validation vulnerability in Pivotal Software products
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
network
high complexity
pivotal-software CWE-295
5.9
2017-04-11 CVE-2016-4468 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
pivotal-software cloudfoundry CWE-89
8.8
2017-03-10 CVE-2017-4960 An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26.
network
low complexity
pivotal-software cloudfoundry
7.5
2017-01-06 CVE-2016-9885 7PK - Security Features vulnerability in Pivotal Software Gemfire for Pivotal Cloud Foundry
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1.
network
low complexity
pivotal-software CWE-254
critical
9.8
2016-12-29 CVE-2016-9878 Path Traversal vulnerability in multiple products
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5.
network
low complexity
pivotal-software vmware CWE-22
7.5