Vulnerabilities > Pivotal Software > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11273 Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Container Service
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contain a vulnerable component which logs the username and password to the billing database.
network
low complexity
pivotal-software CWE-532
4.3
2019-07-18 CVE-2019-3794 Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints.
network
low complexity
pivotal-software CWE-1021
5.4
2019-07-11 CVE-2019-11268 Improper Encoding or Escaping of Output vulnerability in Pivotal Software Cloud Foundry Uaa-Release
Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping.
network
low complexity
pivotal-software CWE-116
4.3
2019-06-12 CVE-2019-11269 Open Redirect vulnerability in multiple products
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions, could be susceptible to an open redirector attack that can leak an authorization code.
network
low complexity
pivotal-software oracle CWE-601
5.4
2019-06-06 CVE-2019-3790 Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager
Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contains a configuration that circumvents refresh token expiration.
network
low complexity
pivotal-software CWE-613
5.4
2019-06-03 CVE-2019-3802 Unspecified vulnerability in Pivotal Software Spring Data Java Persistence API
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20.
network
low complexity
pivotal-software
5.3
2019-05-06 CVE-2019-3797 Information Exposure vulnerability in Pivotal Software Spring Data Java Persistence API
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19.
network
low complexity
pivotal-software CWE-200
5.3
2019-03-07 CVE-2019-3778 Open Redirect vulnerability in multiple products
Spring Security OAuth versions 2.3 prior to 2.3.5, 2.2 prior to 2.2.4, 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, as well as older unsupported versions, could be susceptible to an open redirector attack that can leak an authorization code.
network
low complexity
pivotal-software oracle CWE-601
6.5
2019-03-07 CVE-2019-3776 Cross-site Scripting vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, and 2.4.x versions prior to 2.4.3, contains a reflected cross-site scripting vulnerability.
network
low complexity
pivotal-software CWE-79
5.4
2018-12-19 CVE-2018-15798 Open Redirect vulnerability in Pivotal Software Concourse
In Pivotal Concourse Release, versions 4.x prior to 4.2.2, the login flow allows redirects to untrusted websites.
network
low complexity
pivotal-software CWE-601
5.4