Vulnerabilities > Pivotal Software
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-17 | CVE-2018-11088 | Unspecified vulnerability in Pivotal Software Pivotal Application Service: Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. | 8.8 |
2018-09-17 | CVE-2018-11086 | Unspecified vulnerability in Pivotal Software Pivotal Application Service: Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. | 8.8 |
2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. | 5.9 |
2018-09-11 | CVE-2016-0715 | Information Exposure vulnerability in Pivotal Software Cloud Foundry Elastic Runtime: Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. | 5.9 |
2018-07-24 | CVE-2018-11047 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry UAA: Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. | 7.5 |
2018-07-24 | CVE-2018-11044 | Improper Input Validation vulnerability in Pivotal Software Pivotal Application Service: Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. | 6.5 |
2018-07-11 | CVE-2018-11045 | Use of Insufficiently Random Values vulnerability in Pivotal Software Operations Manager: Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. | 5.9 |
2018-06-25 | CVE-2018-11046 | Improper Input Validation vulnerability in Pivotal Software Operations Manager: Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. | 6.5 |
2018-06-25 | CVE-2018-11041 | Open Redirect vulnerability in Pivotal Software Cloud Foundry UAA and Cloud Foundry Uaa-Release: Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. | 6.1 |
2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers. | 7.2 |