Vulnerabilities (CVE)

Vendor filter

Pivotal Subscribe

Product filter

Spring Security Oauth Subscribe

Filter

17 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-4977 1 Pivotal 1 Spring Security Oauth 2019-10-16 6.5
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code...
CVE-2017-3203 1 Pivotal 1 Spring-flex 2019-10-09 6.8
The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability...
CVE-2017-8048 1 Pivotal 2 Capi-release, Cf-release 2019-10-03 6.8
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code...
CVE-2017-4971 1 Pivotal 1 Spring Web Flow 2019-10-03 4.3
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious...
CVE-2017-8039 1 Pivotal 1 Spring Web Flow 2019-10-03 4.3
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious...
CVE-2017-4975 1 Pivotal 1 Pcf Tile Generator 2019-10-03 5.0
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
CVE-2017-4963 2 Pivotal Software, Pivotal 8 Cloud Foundry Uaa Bosh, Cloud Foundry Uaa, Cloud Foundry and 5 more 2019-07-30 6.8
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation...
CVE-2014-3625 2 Pivotal, Pivotal Software 2 Spring Framework, Spring Framework 2019-07-14 5.0
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVE-2014-3578 2 Pivotal, Pivotal Software 2 Spring Framework, Spring Framework 2019-07-14 5.0
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2018-1260 2 Pivotal, Pivotal Software 2 Spring Security Oauth, Spring Security Oauth 2019-03-13 7.5
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization...
CVE-2016-6639 2 Pivotal, Cloud Foundry 3 Php Buildpack, Cloud Foundry Elastic Runtime, Cloud Foundry Php Buildpack 2018-08-09 5.0
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the...
CVE-2018-1190 1 Pivotal 2 Cf-release, Uaa Bosh 2018-01-18 4.3
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS)...
CVE-2017-8047 1 Pivotal 2 Cf-release, Routing-release 2017-10-23 5.8
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An...
CVE-2016-4435 2 Cloud Foundry Foundation, Pivotal 2 Bosh Stemcell, Bosh Stemcell 2017-10-02 6.8
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability...
CVE-2016-0732 1 Pivotal 4 Uaa, Elastic Runtime, Uaa-release and 1 more 2017-09-18 6.5
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated...
CVE-2016-0930 1 Pivotal 1 Operations Manager 2016-11-28 5.0
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an...
CVE-2016-0928 1 Pivotal 1 Cloud Foundry Elastic Runtime 2016-11-28 5.8
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.