Pivotal_software Cloud_foundry_elastic_runtime
26 CVEs affecting Pivotal_software Cloud_foundry_elastic_runtime. Latest disclosed: 2017-10-24. Critical: 7, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-5172 | Critical | 9.8 | 2017-10-24 | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified… |
CVE-2015-5171 | Critical | 9.8 | 2017-10-24 | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7… |
CVE-2017-4955 | Critical | 9.8 | 2017-06-13 | An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9… |
CVE-2017-2773 | Critical | 9.8 | 2017-06-13 | An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9… |
CVE-2016-0761 | Critical | 9.8 | 2017-05-25 | Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docke… |
CVE-2016-5006 | Critical | 9.8 | 2017-05-02 | The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential inf… |
CVE-2016-6637 | Critical | 9.6 | 2016-09-30 | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x bef… |
CVE-2015-5173 | High | 8.8 | 2017-10-24 | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified… |
CVE-2015-5170 | High | 8.8 | 2017-10-24 | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct c… |
CVE-2017-4959 | High | 8.8 | 2017-06-13 | An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments usin… |
CVE-2015-3191 | High | 8.8 | 2017-05-25 | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the… |
CVE-2016-4468 | High | 8.8 | 2017-04-11 | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2… |
CVE-2016-6651 | High | 8.8 | 2016-09-30 | The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11… |
CVE-2016-3084 | High | 8.1 | 2017-05-25 | The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA rele… |
CVE-2016-0780 | High | 7.5 | 2017-05-25 | It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtim… |
CVE-2016-6657 | High | 7.4 | 2016-12-16 | An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the follow… |
CVE-2016-0896 | High | 7.3 | 2016-09-18 | Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might… |
CVE-2016-2165 | Medium | 6.5 | 2017-05-25 | The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20… |
CVE-2015-1834 | Medium | 6.5 | 2017-05-25 | A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud… |
CVE-2016-0781 | Medium | 6.1 | 2017-05-25 | The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and… |