Vulnerabilities > Vmware > Single Sign ON FOR Pivotal Cloud Foundry

DATE CVE VULNERABILITY TITLE RISK
2017-11-27 CVE-2017-8044 Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
network
low complexity
vmware CWE-79
6.1
2017-09-09 CVE-2017-8041 Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
network
low complexity
vmware CWE-79
6.1
2017-09-09 CVE-2017-8040 XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard.
network
low complexity
vmware CWE-611
6.5