Vulnerabilities > Pivotal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-04 | CVE-2017-8048 | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. | 7.8 |
2017-10-04 | CVE-2017-8047 | Open Redirect vulnerability in multiple products In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. | 6.1 |
2017-09-07 | CVE-2016-0732 | Improper Privilege Management vulnerability in multiple products The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. | 8.8 |
2017-06-13 | CVE-2017-4975 | Incorrect Default Permissions vulnerability in Pivotal PCF Tile Generator 5.0.7 An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. | 7.5 |
2017-06-13 | CVE-2017-4971 | Insecure Default Initialization of Resource vulnerability in Pivotal Spring web Flow An issue was discovered in Pivotal Spring Web Flow through 2.4.4. | 5.9 |
2017-05-25 | CVE-2016-4977 | Data Processing Errors vulnerability in Pivotal Spring Security Oauth When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. | 8.8 |
2017-05-25 | CVE-2016-4435 | Permissions, Privileges, and Access Controls vulnerability in Pivotal Bosh Stemcell 3146.13/3232.4 An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. | 9.0 |
2016-09-18 | CVE-2016-6639 | 7PK - Security Features vulnerability in multiple products Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file. | 7.5 |
2016-09-18 | CVE-2016-0930 | Race Condition vulnerability in Pivotal Operations Manager Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. | 9.8 |
2016-09-18 | CVE-2016-0928 | Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 7.4 |