Vulnerabilities > Pivotal Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-18 | CVE-2019-3794 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. | 4.3 |
| 2019-07-11 | CVE-2019-11268 | Information Exposure vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. | 4.0 |
| 2019-06-19 | CVE-2019-3787 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. | 4.3 |
| 2019-06-12 | CVE-2019-11269 | Open Redirect vulnerability in multiple products Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. | 5.8 |
| 2019-06-06 | CVE-2019-3790 | Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. | 5.5 |
| 2019-06-03 | CVE-2019-3802 | Unspecified vulnerability in Pivotal Software Spring Data Java Persistance API This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. | 5.0 |
| 2019-05-06 | CVE-2019-3797 | Information Exposure vulnerability in Pivotal Software Spring Data Java Persistence API This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. | 5.0 |
| 2019-04-24 | CVE-2019-3793 | Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. | 5.0 |
| 2019-04-01 | CVE-2019-3792 | SQL Injection vulnerability in Pivotal Software Concourse Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. | 5.0 |
| 2019-03-07 | CVE-2019-3778 | Open Redirect vulnerability in multiple products Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. | 6.4 |