Vulnerabilities > Pivotal Software

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-03-07 | CVE-2019-3777 | Improper Certificate Validation vulnerability in Pivotal Software Application Service | Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain Apps Manager, which uses a Cloud Controller proxy that fails to verify SSL certificates. | network, low complexity, pivotal-software, CWE-295 | critical 9.8 |
| 2019-03-07 | CVE-2019-3776 | Cross-site Scripting vulnerability in Pivotal Software Operations Manager | Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross-site scripting vulnerability. | network, low complexity, pivotal-software, CWE-79 | 5.4 |
| 2019-01-18 | CVE-2019-3774 | XXE vulnerability in Pivotal Software Spring Batch | Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | network, low complexity, pivotal-software, CWE-611 | critical 9.8 |
| 2019-01-18 | CVE-2019-3773 | XXE vulnerability in multiple products | Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | network, low complexity, pivotal-software, oracle, CWE-611 | critical 9.8 |
| 2019-01-12 | CVE-2019-3803 | Information Exposure vulnerability in Pivotal Software Concourse | Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow. | network, low complexity, pivotal-software, CWE-200 | 7.5 |
| 2018-12-19 | CVE-2018-15798 | Open Redirect vulnerability in Pivotal Software Concourse | The login flow of Pivotal Concourse Release, versions 4.x prior to 4.2.2, allows redirects to untrusted websites. | network, low complexity, pivotal-software, CWE-601 | 5.4 |
| 2018-12-13 | CVE-2018-15754 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release | Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. | network, low complexity, pivotal-software, CWE-863 | 8.8 |
| 2018-12-10 | CVE-2018-1279 | Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq | Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. | low complexity, pivotal-software, CWE-330 | 6.5 |
| 2018-12-05 | CVE-2018-15797 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry NFS Volume | Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. | network, low complexity, pivotal-software, CWE-532 | 8.8 |
| 2018-11-19 | CVE-2018-15761 | Unspecified vulnerability in Pivotal Software Cloudfoundry UAA Release | Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. | network, low complexity, pivotal-software | 8.8 |