Vulnerabilities > Pivotal Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-13 | CVE-2017-4967 | Cross-site Scripting vulnerability in multiple products An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. | 4.3 |
| 2017-06-13 | CVE-2017-4965 | Cross-site Scripting vulnerability in multiple products An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. | 4.3 |
| 2017-06-13 | CVE-2017-4963 | Session Fixation vulnerability in Pivotal Software products An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. | 6.8 |
| 2017-06-13 | CVE-2017-4959 | Privilege Escalation vulnerability in Pivotal Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. | 6.5 |
| 2017-06-13 | CVE-2017-4955 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. | 5.0 |
| 2017-05-25 | CVE-2016-5007 | Permissions, Privileges, and Access Controls vulnerability in multiple products Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. | 5.0 |
| 2017-05-25 | CVE-2016-3084 | Permissions, Privileges, and Access Controls vulnerability in multiple products The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. | 4.3 |
| 2017-05-25 | CVE-2016-2165 | Improper Input Validation vulnerability in multiple products The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. | 4.3 |
| 2017-05-25 | CVE-2016-0781 | Cross-site Scripting vulnerability in multiple products The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | 4.3 |
| 2017-05-25 | CVE-2016-0780 | Resource Management Errors vulnerability in multiple products It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. | 5.0 |