Pivotal Software Cloud Foundry Uaa-release — known CVE vulnerabilities
Every CVE whose affected-product data names Pivotal Software Cloud Foundry Uaa-release, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-1192 — CVSS 8.8 (high): In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5…
CVE-2019-3787 — CVSS 8.3 (high): Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided…
CVE-2017-4963 — CVSS 8.1 (high): An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 -…
CVE-2018-1262 — CVSS 7.2 (high): Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones…
CVE-2018-11041 — CVSS 6.1 (medium): Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior…
CVE-2016-5016 — CVSS 5.9 (medium): Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier…
CVE-2019-11268 — CVSS 4.3 (medium): Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic…
CVE-2018-15754 — CVSS 4.2 (medium): Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that…