Vulnerabilities > Pivotal Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2019-3777 | Improper Certificate Validation vulnerability in Pivotal Software Application Service Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. | 5.0 |
| 2019-03-07 | CVE-2019-3776 | Cross-site Scripting vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. | 3.5 |
| 2019-01-18 | CVE-2019-3774 | XXE vulnerability in Pivotal Software Spring Batch Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
| 2019-01-18 | CVE-2019-3773 | XXE vulnerability in multiple products Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
| 2019-01-12 | CVE-2019-3803 | Information Exposure vulnerability in Pivotal Software Concourse Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. | 5.0 |
| 2018-12-19 | CVE-2018-15798 | Open Redirect vulnerability in Pivotal Software Concourse Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. | 5.8 |
| 2018-12-13 | CVE-2018-15754 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. | 4.0 |
| 2018-12-10 | CVE-2018-1279 | Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. | 3.3 |
| 2018-12-05 | CVE-2018-15797 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry NFS Volume Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. | 4.0 |
| 2018-11-19 | CVE-2018-15761 | Unspecified vulnerability in Pivotal Software Cloud Foundry UAA and Cloudfoundry UAA Release Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. | 6.5 |