Pivotal_software Cloud_foundry
10 CVEs affecting Pivotal_software Cloud_foundry. Latest disclosed: 2017-05-25. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-5006 | Critical | 9.8 | 2017-05-02 | The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential inf… |
CVE-2016-6637 | Critical | 9.6 | 2016-09-30 | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x bef… |
CVE-2016-4468 | High | 8.8 | 2017-04-11 | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2… |
CVE-2016-6651 | High | 8.8 | 2016-09-30 | The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11… |
CVE-2016-3084 | High | 8.1 | 2017-05-25 | The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA rele… |
CVE-2016-6659 | High | 8.1 | 2016-12-23 | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 f… |
CVE-2017-4960 | High | 7.5 | 2017-03-10 | An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There… |
CVE-2016-0781 | Medium | 6.1 | 2017-05-25 | The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and… |
CVE-2016-5016 | Medium | 5.9 | 2017-04-24 | Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud… |
CVE-2016-6636 | Medium | 5.3 | 2016-09-30 | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH… |