Vulnerabilities > Pivotal Software > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-13 CVE-2017-2773 Improper Input Validation vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1.
network
low complexity
pivotal-software CWE-20
7.5
7.5
2017-04-21 CVE-2016-2173 Improper Input Validation vulnerability in multiple products
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
network
low complexity
fedoraproject pivotal-software vmware CWE-20
7.5
7.5
2017-04-11 CVE-2016-4468 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
pivotal-software cloudfoundry CWE-89
8.8
8.8
2017-01-06 CVE-2016-9885 Information Exposure vulnerability in Pivotal Software Gemfire FOR Pivotal Cloud Foundry
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1.
network
low complexity
pivotal-software CWE-200
7.5
7.5
2016-12-29 CVE-2016-9877 Improper Access Control vulnerability in multiple products
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7.
network
low complexity
vmware pivotal-software CWE-284
7.5
7.5
2016-09-18 CVE-2016-0897 Cryptographic Issues vulnerability in Pivotal Software Operations Manager
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.
network
low complexity
pivotal-software CWE-310
7.5
7.5
2016-09-18 CVE-2016-0896 7PK - Security Features vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
network
low complexity
pivotal-software CWE-254
7.5
7.5