Cloudfoundry Cf-release — known CVE vulnerabilities
Every CVE whose affected-product data names Cloudfoundry Cf-release, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2015-5172 — CVSS 9.8 (critical): Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers…
CVE-2016-8218 — CVSS 9.8 (critical): An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231…
CVE-2015-5171 — CVSS 9.8 (critical): The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic…
CVE-2016-6655 — CVSS 9.8 (critical): An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to…
CVE-2017-4992 — CVSS 9.8 (critical): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x…
CVE-2016-6658 — CVSS 9.6 (critical): Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the…
CVE-2015-3191 — CVSS 8.8 (high): With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime…
CVE-2015-5173 — CVSS 8.8 (high): Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers…
CVE-2016-0732 — CVSS 8.8 (high): The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when…
CVE-2018-1195 — CVSS 8.8 (high): In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller…
CVE-2015-5170 — CVSS 8.8 (high): Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote…
CVE-2017-8033 — CVSS 7.8 (high): An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release…
CVE-2017-8048 — CVSS 7.8 (high): In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original…
CVE-2016-0780 — CVSS 7.5 (high): It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud…
CVE-2017-4972 — CVSS 7.5 (high): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x…
CVE-2016-9882 — CVSS 7.5 (high): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud…
CVE-2017-8037 — CVSS 7.5 (high): In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270…
CVE-2017-8035 — CVSS 7.5 (high): An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and…
CVE-2017-4991 — CVSS 7.2 (high): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x…
CVE-2017-8034 — CVSS 6.6 (medium): The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0…
CVE-2016-8219 — CVSS 6.5 (medium): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with…
CVE-2016-2165 — CVSS 6.5 (medium): The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x…
CVE-2015-1834 — CVSS 6.5 (medium): A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to…
CVE-2017-14389 — CVSS 6.5 (medium): An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280)…
CVE-2017-4969 — CVSS 6.5 (medium): The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk…
CVE-2017-4974 — CVSS 6.5 (medium): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x…
CVE-2017-8047 — CVSS 6.1 (medium): In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it…
CVE-2015-3190 — CVSS 6.1 (medium): With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime…
CVE-2018-1190 — CVSS 6.1 (medium): An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA…
CVE-2017-4970 — CVSS 5.9 (medium): An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression…
CVE-2016-0708 — CVSS 5.9 (medium): Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but…
CVE-2017-8031 — CVSS 5.3 (medium): An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x…
CVE-2016-2169 — CVSS 5.3 (medium): Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw…
CVE-2016-0713 — CVSS 4.7 (medium): Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via…
CVE-2015-3189 — CVSS 3.7 (low): With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime…