Filtered by vendor Pivotal
Subscribe
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0732 | 2 Cloudfoundry, Pivotal | 4 Cf-release, Uaa-release, User Account And Authentication and 1 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. | |||||
| CVE-2017-4975 | 1 Pivotal | 1 Pcf Tile Generator | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. | |||||
| CVE-2017-4971 | 1 Pivotal | 1 Spring Web Flow | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. | |||||
| CVE-2016-4977 | 1 Pivotal | 1 Spring Security Oauth | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. | |||||
| CVE-2018-1190 | 2 Cloudfoundry, Pivotal | 3 Cf-release, Uaa, Uaa Bosh | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management. | |||||
| CVE-2017-8048 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Capi-release | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
| CVE-2016-4435 | 1 Pivotal | 1 Bosh Stemcell | 2023-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
| An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID. | |||||
| CVE-2016-6639 | 2 Cloudfoundry, Pivotal | 2 Php-buildpack, Cloud Foundry Elastic Runtime | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file. | |||||
| CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-0930 | 1 Pivotal | 1 Operations Manager | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. | |||||