Vulnerabilities > Pivotal

DATE CVE VULNERABILITY TITLE RISK
2017-10-04 CVE-2017-8048 In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application.
local
low complexity
cloudfoundry pivotal
7.8
2017-10-04 CVE-2017-8047 Open Redirect vulnerability in multiple products
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect.
network
low complexity
pivotal cloudfoundry CWE-601
6.1
2017-09-07 CVE-2016-0732 Improper Privilege Management vulnerability in multiple products
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
network
low complexity
cloudfoundry pivotal CWE-269
8.8
2017-06-13 CVE-2017-4975 Incorrect Default Permissions vulnerability in Pivotal PCF Tile Generator 5.0.7
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0.
network
low complexity
pivotal CWE-276
7.5
2017-06-13 CVE-2017-4971 Insecure Default Initialization of Resource vulnerability in Pivotal Spring web Flow
An issue was discovered in Pivotal Spring Web Flow through 2.4.4.
network
high complexity
pivotal CWE-1188
5.9
2017-05-25 CVE-2016-4977 Data Processing Errors vulnerability in Pivotal Spring Security Oauth
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
network
low complexity
pivotal CWE-19
8.8
2017-05-25 CVE-2016-4435 Permissions, Privileges, and Access Controls vulnerability in Pivotal Bosh Stemcell 3146.13/3232.4
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM.
network
high complexity
pivotal CWE-264
critical
9.0
2016-09-18 CVE-2016-6639 7PK - Security Features vulnerability in multiple products
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.
network
low complexity
cloudfoundry pivotal CWE-254
7.5
2016-09-18 CVE-2016-0930 Race Condition vulnerability in Pivotal Operations Manager
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.
network
low complexity
pivotal CWE-362
critical
9.8
2016-09-18 CVE-2016-0928 Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
pivotal CWE-601
7.4