Vulnerabilities > Pivotal Software > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-25 | CVE-2018-11041 | Open Redirect vulnerability in Pivotal Software Cloud Foundry UAA and Cloud Foundry Uaa-Release: Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. | 5.8 |
2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers. | 6.5 |
2018-05-17 | CVE-2018-1276 | Information Exposure vulnerability in Pivotal Software Windows Stemcells: Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. | 4.0 |
2018-05-15 | CVE-2018-1262 | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. | 6.5 |
2018-05-11 | CVE-2018-1280 | SQL Injection vulnerability in Pivotal Software Greenplum Command Center: Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. | 5.0 |
2018-05-11 | CVE-2018-1278 | Incorrect Authorization vulnerability in Pivotal Software Pivotal Application Service: Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. | 4.3 |
2018-05-11 | CVE-2018-1259 | XXE vulnerability in multiple products: Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. | 5.0 |
2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products: Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 6.5 |
2018-04-18 | CVE-2018-1274 | Allocation of Resources Without Limits or Throttling vulnerability in Pivotal Software Spring Data Commons and Spring Data Rest: Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. | 5.0 |
2018-04-18 | CVE-2016-8220 | Information Exposure vulnerability in Pivotal Software Gemfire: Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. | 5.0 |