Vulnerabilities > Pivotal Software > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-29 | CVE-2016-6658 | Information Exposure vulnerability in multiple products Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. | 9.6 |
| 2018-03-16 | CVE-2016-9880 | Improper Authentication vulnerability in Pivotal Software Gemfire for Pivotal Cloud Foundry 1.7.0 The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. | 9.8 |
| 2018-01-04 | CVE-2017-8046 | Improper Input Validation vulnerability in multiple products Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | 9.8 |
| 2017-11-27 | CVE-2017-8045 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. | 9.8 |
| 2017-10-24 | CVE-2015-5172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | 9.8 |
| 2017-10-24 | CVE-2015-5171 | Insufficient Session Expiration vulnerability in multiple products The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | 9.8 |
| 2017-06-13 | CVE-2017-4992 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. | 9.8 |
| 2017-06-13 | CVE-2017-4955 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. | 9.8 |
| 2017-06-13 | CVE-2017-2773 | Improper Input Validation vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. | 9.8 |
| 2017-05-25 | CVE-2016-0761 | Data Processing Errors vulnerability in multiple products Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. | 9.8 |