Pivotal Software vulnerabilities, risk level: High

Each entry gives the publication date, CVE identifier and vulnerability title, followed by the description, the attack vector, the attack complexity, the vendor, the assigned CWE (where one is listed) and the risk score.

2019-01-12  CVE-2019-3803  Information Exposure vulnerability in Pivotal Software Concourse
    Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a URL during the login flow.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-200. Risk: 7.5

2018-12-13  CVE-2018-15754  Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release
    Cloud Foundry UAA, versions 60 prior to 66.0, contains an authorization logic error.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-863. Risk: 8.8

2018-12-05  CVE-2018-15797  Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry NFS Volume
    Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, and 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-532. Risk: 8.8

2018-11-19  CVE-2018-15761  Unspecified vulnerability in Pivotal Software Cloudfoundry UAA Release
    Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error which allows for privilege escalation.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Risk: 8.8

2018-11-13  CVE-2018-15795  Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2
    Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation when creating the service broker's UAA client.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-338. Risk: 8.1

2018-11-09  CVE-2018-15796  Inadequate Encryption Strength vulnerability in Pivotal Software Bits Service
    Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-326. Risk: 8.1

2018-11-02  CVE-2018-15762  Improper Privilege Management vulnerability in Pivotal Software Operations Manager
    Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, 2.1.x prior to 2.1.15, 2.2.x prior to 2.2.7, and 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-269. Risk: 8.8

2018-10-18  CVE-2018-15758  Unspecified vulnerability in Pivotal Software Spring Security Oauth
    Spring Security OAuth, versions 2.3 prior to 2.3.4, 2.2 prior to 2.2.3, 2.1 prior to 2.1.3, 2.0 prior to 2.0.16, and older unsupported versions, could be susceptible to a privilege escalation under certain conditions.
    Attack vector: network. Attack complexity: high. Vendor: pivotal-software. Risk: 8.1

2018-10-05  CVE-2018-15763  Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Container Service
    Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials in application logs.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Weakness: CWE-532. Risk: 8.8

2018-10-05  CVE-2018-11081  Unspecified vulnerability in Pivotal Software Operations Manager
    Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk.
    Attack vector: network. Attack complexity: low. Vendor: pivotal-software. Risk: 8.8