Vulnerabilities > Pivotal Software > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-08-12 | CVE-2020-5415 | Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. | 10.0 |
2019-04-24 | CVE-2019-3793 | Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service | Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. | 9.8 |
2019-03-07 | CVE-2019-3777 | Improper Certificate Validation vulnerability in Pivotal Software Application Service | Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. | 9.8 |
2019-01-18 | CVE-2019-3774 | XXE vulnerability in Pivotal Software Spring Batch | Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
2019-01-18 | CVE-2019-3773 | XXE vulnerability in multiple products | Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
2018-11-19 | CVE-2018-15759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Broker API and on Demand Services SDK | Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. | 9.8 |
2018-10-05 | CVE-2018-1264 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry LOG Cache 0.1/1.0.0 | Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. | 9.8 |
2018-10-05 | CVE-2018-11082 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Cloudfoundry UAA Release | Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. | 9.8 |
2018-05-11 | CVE-2018-1260 | Code Injection vulnerability in Pivotal Software Spring Security Oauth | Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. | 9.8 |
2018-04-11 | CVE-2018-1273 | Injection vulnerability in multiple products | Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. | 9.8 |