Vulnerabilities > Pivotal Software > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-10 | CVE-2018-1279 | Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq. Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. | 6.5 |
2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in multiple products. Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, exposes a man-in-the-middle vulnerability due to lack of hostname validation. | 5.9 |
2018-09-11 | CVE-2016-0715 | Information Exposure vulnerability in Pivotal Software Cloud Foundry Elastic Runtime. Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. | 5.9 |
2018-07-24 | CVE-2018-11044 | Improper Input Validation vulnerability in Pivotal Software Pivotal Application Service. Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. | 6.5 |
2018-07-11 | CVE-2018-11045 | Use of Insufficiently Random Values vulnerability in Pivotal Software Operations Manager. Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. | 5.9 |
2018-06-25 | CVE-2018-11046 | Improper Input Validation vulnerability in Pivotal Software Operations Manager. Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. | 6.5 |
2018-06-25 | CVE-2018-11041 | Open Redirect vulnerability in Pivotal Software Cloud Foundry UAA and Cloud Foundry Uaa-Release. Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. | 6.1 |
2018-05-17 | CVE-2018-1276 | Information Exposure vulnerability in Pivotal Software Windows Stemcells. Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. | 6.5 |
2018-05-11 | CVE-2018-1278 | Incorrect Authorization vulnerability in Pivotal Software Pivotal Application Service. Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. | 6.5 |
2018-03-21 | CVE-2018-1229 | Cross-site Scripting vulnerability in Pivotal Software Spring Batch Admin. Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. | 6.1 |