Vulnerabilities > Pivotal Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-11081 | Unspecified vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. | 4.0 |
| 2018-09-17 | CVE-2018-1198 | Information Exposure Through Log Files vulnerability in Pivotal Software Pivotal Cloud Cache Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. | 4.0 |
| 2018-09-17 | CVE-2018-11088 | Unspecified vulnerability in Pivotal Software Pivotal Application Service Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. | 4.0 |
| 2018-09-17 | CVE-2018-11086 | Unspecified vulnerability in Pivotal Software Pivotal Application Service Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. | 4.0 |
| 2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in Pivotal Software Rabbitmq and Spring Advanced Message Queuing Protocol Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. | 4.3 |
| 2018-09-11 | CVE-2016-0715 | Information Exposure vulnerability in Pivotal Software Cloud Foundry Elastic Runtime Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. | 4.3 |
| 2018-07-24 | CVE-2018-11047 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. | 5.0 |
| 2018-07-24 | CVE-2018-11044 | Improper Input Validation vulnerability in Pivotal Software Pivotal Application Service Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. | 4.0 |
| 2018-07-11 | CVE-2018-11045 | Use of Insufficiently Random Values vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. | 4.3 |
| 2018-06-25 | CVE-2018-11046 | Improper Input Validation vulnerability in Pivotal Software Operations Manager Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. | 4.0 |