Vulnerabilities > Pivotal Software

DATE CVE VULNERABILITY TITLE RISK
2019-07-18 CVE-2019-3794 Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints.
network
low complexity
pivotal-software CWE-1021
5.4
2019-07-11 CVE-2019-11268 Improper Encoding or Escaping of Output vulnerability in Pivotal Software Cloud Foundry Uaa-Release
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping.
network
low complexity
pivotal-software CWE-116
4.3
2019-06-19 CVE-2019-3787 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character.
network
low complexity
pivotal-software CWE-640
8.8
2019-06-12 CVE-2019-11269 Open Redirect vulnerability in multiple products
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code.
network
low complexity
pivotal-software oracle CWE-601
5.4
2019-06-06 CVE-2019-3790 Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.
network
low complexity
pivotal-software CWE-613
5.4
2019-06-03 CVE-2019-3802 Unspecified vulnerability in Pivotal Software Spring Data Java Persistance API
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20.
network
low complexity
pivotal-software
5.3
2019-05-06 CVE-2019-3797 Information Exposure vulnerability in Pivotal Software Spring Data Java Persistence API
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19.
network
low complexity
pivotal-software CWE-200
5.3
2019-04-24 CVE-2019-3793 Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP.
network
low complexity
pivotal-software CWE-319
critical
9.8
2019-04-01 CVE-2019-3792 SQL Injection vulnerability in Pivotal Software Concourse
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection.
network
low complexity
pivotal-software CWE-89
7.5
2019-03-07 CVE-2019-3778 Open Redirect vulnerability in multiple products
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code.
network
low complexity
pivotal-software oracle CWE-601
6.5