Vulnerabilities > Pivotal Software > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-05 | CVE-2018-15797 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry NFS Volume. Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. | 4.0 |
2018-11-19 | CVE-2018-15761 | Unspecified vulnerability in Pivotal Software Cloud Foundry UAA and Cloudfoundry UAA Release. Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. | 6.5 |
2018-11-19 | CVE-2018-15759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Broker API and ON Demand Services SDK. Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. | 5.0 |
2018-11-13 | CVE-2018-15795 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2. Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. | 5.5 |
2018-11-09 | CVE-2018-15796 | Inadequate Encryption Strength vulnerability in Pivotal Software Bits Service. Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. | 5.5 |
2018-11-02 | CVE-2018-15762 | Improper Privilege Management vulnerability in Pivotal Software Operations Manager. Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. | 6.5 |
2018-10-18 | CVE-2018-15758 | Unspecified vulnerability in Pivotal Software Spring Security Oauth. Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. | 6.8 |
2018-10-05 | CVE-2018-15763 | Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Container Service. Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. | 4.0 |
2018-10-05 | CVE-2018-1264 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry LOG Cache. Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. | 5.0 |
2018-10-05 | CVE-2018-11082 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Cloudfoundry UAA and Cloudfoundry UAA Release. Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. | 5.0 |