Vulnerabilities > Pivotal Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-19 | CVE-2018-15759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Broker API and ON Demand Services SDK Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. | 5.0 |
| 2018-11-13 | CVE-2018-15795 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2 Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. | 5.5 |
| 2018-11-09 | CVE-2018-15796 | Inadequate Encryption Strength vulnerability in Pivotal Software Bits Service Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. | 5.5 |
| 2018-11-02 | CVE-2018-15762 | Improper Privilege Management vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. | 6.5 |
| 2018-10-18 | CVE-2018-15758 | Unspecified vulnerability in Pivotal Software Spring Security Oauth Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. network pivotal-software | 6.8 |
| 2018-10-05 | CVE-2018-15763 | Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Container Service Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. | 4.0 |
| 2018-10-05 | CVE-2018-1264 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry LOG Cache Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. | 5.0 |
| 2018-10-05 | CVE-2018-11082 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Cloudfoundry UAA and Cloudfoundry UAA Release Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. | 5.0 |
| 2018-10-05 | CVE-2018-11081 | Unspecified vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. | 4.0 |
| 2018-09-17 | CVE-2018-1198 | Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Cloud Cache Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. | 4.0 |