Vulnerabilities > Pivotal Software

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-11-19 | CVE-2018-15759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Broker API and on Demand Services SDK | Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. | network; low complexity; pivotal-software CWE-307; critical 9.8 |
| 2018-11-13 | CVE-2018-15795 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2 | Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. | network; low complexity; pivotal-software CWE-338; 8.1 |
| 2018-11-09 | CVE-2018-15796 | Inadequate Encryption Strength vulnerability in Pivotal Software Bits Service | Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. | network; low complexity; pivotal-software CWE-326; 8.1 |
| 2018-11-02 | CVE-2018-15762 | Improper Privilege Management vulnerability in Pivotal Software Operations Manager | Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. | network; low complexity; pivotal-software CWE-269; 8.8 |
| 2018-10-18 | CVE-2018-15758 | Unspecified vulnerability in Pivotal Software Spring Security Oauth | Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. | network; high complexity; pivotal-software; 8.1 |
| 2018-10-05 | CVE-2018-15763 | Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Container Service | Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. | network; low complexity; pivotal-software CWE-532; 8.8 |
| 2018-10-05 | CVE-2018-1264 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry LOG Cache 0.1/1.0.0 | Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. | network; low complexity; pivotal-software CWE-532; critical 9.8 |
| 2018-10-05 | CVE-2018-11082 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Cloudfoundry UAA Release | Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. | network; low complexity; pivotal-software CWE-307; critical 9.8 |
| 2018-10-05 | CVE-2018-11081 | Unspecified vulnerability in Pivotal Software Operations Manager | Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. | network; low complexity; pivotal-software; 8.8 |
| 2018-09-17 | CVE-2018-1198 | Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Cloud Cache | Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. | network; low complexity; pivotal-software CWE-532; 8.8 |