Vulnerabilities (CVE)

2 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-11278 | 1 Cloudfoundry | 1 User Account And Authentication | 2019-10-09 | 7.5
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges,...
CVE-2019-11274 | 1 Cloudfoundry | 1 User Account And Authentication | 2019-10-09 | 4.3
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.