Vulnerabilities > Pivotal Software

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2019-11292 Information Exposure Through Log Files vulnerability in Pivotal Software Operations Manager
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file.
network
low complexity
pivotal-software CWE-532
6.5
2019-11-23 CVE-2019-11287 Use of Externally-Controlled Format String vulnerability in multiple products
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack.
7.5
2019-10-23 CVE-2019-11283 Information Exposure Through Log Files vulnerability in multiple products
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs.
network
low complexity
cloudfoundry pivotal-software CWE-532
8.8
2019-10-23 CVE-2019-11282 Injection vulnerability in multiple products
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack.
network
low complexity
cloudfoundry pivotal-software CWE-74
4.3
2019-10-16 CVE-2019-11281 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input.
4.8
2019-10-01 CVE-2019-11275 Improper Neutralization of Formula Elements in a CSV File vulnerability in multiple products
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed.
network
low complexity
pivotal pivotal-software CWE-1236
4.3
2019-09-20 CVE-2019-11280 Improper Privilege Management vulnerability in Pivotal Software Pivotal Application Service
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations.
network
low complexity
pivotal-software CWE-269
8.8
2019-08-19 CVE-2019-11276 Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http.
low complexity
pivotal-software CWE-319
5.4
2019-08-05 CVE-2019-11270 Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Cloud Foundry UAA
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
network
low complexity
pivotal-software CWE-732
7.5
2019-07-23 CVE-2019-11273 Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Container Service
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database.
network
low complexity
pivotal-software CWE-532
4.3