Vulnerabilities > Pivotal Software > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-19 | CVE-2022-31683 | Unspecified vulnerability in Pivotal Software Concourse: Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. | 5.4 |
2020-08-31 | CVE-2020-5419 | Uncontrolled Search Path Element vulnerability in multiple products: RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. | 4.6 |
2020-08-12 | CVE-2020-5415 | Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse: Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. | 6.4 |
2020-06-11 | CVE-2020-5411 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Batch: When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. | 6.8 |
2020-05-14 | CVE-2020-5408 | Use of Insufficiently Random Values vulnerability in multiple products: Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. | 4.0 |
2020-05-14 | CVE-2020-5409 | Open Redirect vulnerability in Pivotal Software Concourse: Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. | 5.8 |
2020-02-12 | CVE-2020-5399 | Cleartext Transmission of Sensitive Information vulnerability in multiple products: Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. | 5.8 |
2020-01-09 | CVE-2019-11292 | Information Exposure Through Log Files vulnerability in Pivotal Software Operations Manager: Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. | 6.5 |
2019-10-23 | CVE-2019-11283 | Information Exposure Through Log Files vulnerability in multiple products: Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. | 4.0 |
2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products: Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.0 |