Vulnerabilities > Pivotal Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2019-3790 | Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. | 5.5 |
| 2019-06-03 | CVE-2019-3802 | Unspecified vulnerability in Pivotal Software Spring Data Java Persistance API This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. | 5.0 |
| 2019-05-06 | CVE-2019-3797 | Information Exposure vulnerability in Pivotal Software Spring Data Java Persistence API This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. | 5.0 |
| 2019-04-24 | CVE-2019-3793 | Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. | 5.0 |
| 2019-04-01 | CVE-2019-3792 | SQL Injection vulnerability in Pivotal Software Concourse Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. | 5.0 |
| 2019-03-07 | CVE-2019-3778 | Open Redirect vulnerability in multiple products Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. | 6.4 |
| 2019-03-07 | CVE-2019-3777 | Improper Certificate Validation vulnerability in Pivotal Software Application Service Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. | 5.0 |
| 2019-01-12 | CVE-2019-3803 | Information Exposure vulnerability in Pivotal Software Concourse Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. | 5.0 |
| 2018-12-19 | CVE-2018-15798 | Open Redirect vulnerability in Pivotal Software Concourse Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. | 5.8 |
| 2018-12-13 | CVE-2018-15754 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. | 4.0 |