Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22723 | 1 Cloudfoundry | 1 Uaa | 2026-03-06 | 6.5 Medium |
| Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0. | ||||
| CVE-2025-22246 | 1 Cloudfoundry | 2 Cf-deployment, Uaa Release | 2025-07-11 | 3 Low |
| Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. | ||||
| CVE-2016-0732 | 2 Cloudfoundry, Pivotal | 4 Cf-release, Uaa-release, User Account And Authentication and 1 more | 2025-04-20 | 8.8 High |
| The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. | ||||
| CVE-2017-8031 | 1 Cloudfoundry | 2 Cf-release, Uaa-release | 2025-04-20 | 5.3 Medium |
| An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service. | ||||
| CVE-2019-3801 | 1 Cloudfoundry | 3 Cf-deployment, Credhub, Uaa Release | 2024-11-21 | 9.8 Critical |
| Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component. | ||||
| CVE-2019-3788 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | N/A |
| Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. | ||||
| CVE-2019-3775 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | N/A |
| Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user. | ||||
| CVE-2019-11279 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | 8.8 High |
| CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | ||||
| CVE-2018-1190 | 2 Cloudfoundry, Pivotal | 3 Cf-release, Uaa, Uaa Bosh | 2024-11-21 | N/A |
| An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management. | ||||
Page 1 of 1.