Cloudfoundry Uaa Release — known CVE vulnerabilities
Every CVE whose affected-product data names Cloudfoundry Uaa Release, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-3801 — CVSS 9.8 (critical): Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies…
CVE-2019-11279 — CVSS 8.8 (high): CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A…
CVE-2019-3788 — CVSS 8.7 (high): Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was…
CVE-2019-3775 — CVSS 7.1 (high): Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a…
CVE-2025-22246 — CVSS 3.0 (low): Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.