Vulnerabilities > Pivotal Software > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-18 CVE-2016-8220 Information Exposure vulnerability in Pivotal Software Gemfire
Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contains an information disclosure vulnerability.
network
low complexity
pivotal-software CWE-200
7.5
2018-03-27 CVE-2018-1231 Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Bosh CLI
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability.
network
low complexity
pivotal-software CWE-732
8.8
2018-03-21 CVE-2018-1230 Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Batch Admin
Pivotal Spring Batch Admin, all versions, does not contain cross-site request forgery protection.
network
low complexity
pivotal-software CWE-352
8.8
2018-03-19 CVE-2018-1197 Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Windows Stemcells
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint.
network
high complexity
pivotal-software CWE-732
8.5
2018-03-13 CVE-2018-1227 Unspecified vulnerability in Pivotal Software Concourse
Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal.
network
low complexity
pivotal-software
7.5
2018-02-01 CVE-2018-1192 Information Exposure vulnerability in Pivotal Software products
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs.
network
low complexity
pivotal-software CWE-200
8.8
2017-11-27 CVE-2017-8038 Unspecified vulnerability in Pivotal Software Credhub-Release 1.1.0
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential.
network
low complexity
pivotal-software
8.8
2017-11-27 CVE-2017-8028 Improper Authentication vulnerability in multiple products
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct.
network
high complexity
pivotal-software debian CWE-287
8.1
2017-11-27 CVE-2017-14390 Unspecified vulnerability in Pivotal Software Cf-Deployment 0.35.0
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
network
low complexity
pivotal-software
7.5
2017-11-13 CVE-2017-14388 Improper Input Validation vulnerability in Pivotal Software Grootfs
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache.
local
low complexity
pivotal-software CWE-20
7.8