Vulnerabilities (CVE)
CVE | Vendors | Products | Updated | CVSS |
---|---|---|---|---|
CVE-2019-11278 | 1 Cloudfoundry | 1 User Account And Authentication | 2019-10-09 | 7.5 |
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges,... | | | | |
CVE-2019-11274 | 1 Cloudfoundry | 1 User Account And Authentication | 2019-10-09 | 4.3 |
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. | | | | |