Cloudfoundry User Account And Authentication — known CVE vulnerabilities
Every CVE whose affected-product data names Cloudfoundry User Account And Authentication, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-5402 — CVSS 8.8 (high): In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the…
CVE-2019-11278 — CVSS 8.8 (high): CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and…
CVE-2016-0732 — CVSS 8.8 (high): The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when…
CVE-2021-22001 — CVSS 7.5 (high): In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request…
CVE-2019-11290 — CVSS 7.5 (high): Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used…
CVE-2019-11293 — CVSS 6.5 (medium): Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query…
CVE-2019-11274 — CVSS 6.1 (medium): Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL…
CVE-2021-22098 — CVSS 6.1 (medium): UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect…
CVE-2023-20903 — CVSS 4.3 (medium): This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity…