Cloudfoundry Cloud_foundry_uaa_bosh
15 CVEs affecting Cloudfoundry Cloud_foundry_uaa_bosh. Latest disclosed: 2017-07-10. Critical: 2, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-4992 | Critical | 9.8 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3… |
CVE-2016-6637 | Critical | 9.6 | 2016-09-30 | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x bef… |
CVE-2017-4973 | High | 8.8 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3… |
CVE-2016-4468 | High | 8.8 | 2017-04-11 | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2… |
CVE-2016-6651 | High | 8.8 | 2016-09-30 | The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11… |
CVE-2016-3084 | High | 8.1 | 2017-05-25 | The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA rele… |
CVE-2016-6659 | High | 8.1 | 2016-12-23 | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 f… |
CVE-2017-4994 | High | 7.5 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3… |
CVE-2017-4972 | High | 7.5 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3… |
CVE-2017-4960 | High | 7.5 | 2017-03-10 | An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There… |
CVE-2017-4991 | High | 7.2 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3… |
CVE-2017-8032 | Medium | 6.6 | 2017-07-10 | In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3… |
CVE-2017-4974 | Medium | 6.5 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3… |
CVE-2016-0781 | Medium | 6.1 | 2017-05-25 | The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and… |
CVE-2016-6636 | Medium | 5.3 | 2016-09-30 | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH… |