Pivotal Software Cloud Foundry Elastic Runtime — known CVE vulnerabilities
Every CVE whose affected-product data names Pivotal Software Cloud Foundry Elastic Runtime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2016-5006 — CVSS 9.8 (critical): The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive…
CVE-2017-4955 — CVSS 9.8 (critical): An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior…
CVE-2015-5171 — CVSS 9.8 (critical): The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic…
CVE-2015-5172 — CVSS 9.8 (critical): Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers…
CVE-2017-2773 — CVSS 9.8 (critical): An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior…
CVE-2016-0761 — CVSS 9.8 (critical): Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing…
CVE-2016-6637 — CVSS 9.6 (critical): Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before…
CVE-2016-6658 — CVSS 9.6 (critical): Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the…
CVE-2016-4468 — CVSS 8.8 (high): SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1…
CVE-2017-4959 — CVSS 8.8 (high): An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud…
CVE-2015-5173 — CVSS 8.8 (high): Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers…
CVE-2015-3191 — CVSS 8.8 (high): With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime…
CVE-2015-5170 — CVSS 8.8 (high): Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote…
CVE-2016-6651 — CVSS 8.8 (high): The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before…
CVE-2016-3084 — CVSS 8.1 (high): The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of…
CVE-2016-0780 — CVSS 7.5 (high): It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud…
CVE-2016-6657 — CVSS 7.4 (high): An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions…
CVE-2016-0896 — CVSS 7.3 (high): Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application…
CVE-2015-1834 — CVSS 6.5 (medium): A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to…
CVE-2016-2165 — CVSS 6.5 (medium): The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x…
CVE-2015-3190 — CVSS 6.1 (medium): With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime…
CVE-2016-0927 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject…
CVE-2016-0926 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before…
CVE-2016-0781 — CVSS 6.1 (medium): The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0…
CVE-2016-5016 — CVSS 5.9 (medium): Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier…
CVE-2016-0715 — CVSS 5.9 (medium): Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote…
CVE-2016-6636 — CVSS 5.3 (medium): The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x…
CVE-2015-3189 — CVSS 3.7 (low): With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime…