Vulnerabilities (CVE)

Vendor: Pivotal Software

135 total CVE
CVE   Vendors (count, then names)   Products (count, then names)   Updated   CVSS
CVE-2019-11273 1 Pivotal Software 1 Pivotal Container Service 2019-09-11 4.0
Pivotal Container Service (PKS) versions 1.3.x prior to 1.3.7 and 1.4.x prior to 1.4.1 contain a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs...
CVE-2019-11276 1 Pivotal Software 1 Application Service 2019-08-30 4.1
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and...
CVE-2019-11270 1 Pivotal Software 3 Application Service, Cloud Foundry Uaa, Operations Manager 2019-08-20 5.0
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with...
CVE-2018-15758 1 Pivotal Software 1 Spring Security Oauth 2019-08-08 6.8
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user...
CVE-2017-4963 2 Pivotal Software, Pivotal 8 Cloud Foundry Uaa Bosh, Cloud Foundry Uaa, Cloud Foundry and 5 more 2019-07-30 6.8
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation...
CVE-2018-1272 2 Pivotal Software, Oracle 22 Spring Framework, Application Testing Suite, Big Data Discovery and 19 more 2019-07-23 6.0
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from...
CVE-2018-1271 2 Pivotal Software, Oracle 22 Spring Framework, Application Testing Suite, Big Data Discovery and 19 more 2019-07-23 4.3
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a...
CVE-2018-1258 3 Pivotal Software, Oracle, Netapp 35 Spring Framework, Application Testing Suite, Communications Diameter Signaling Router and 32 more 2019-07-23 6.5
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CVE-2018-1257 3 Pivotal Software, Redhat, Oracle 27 Spring Framework, Openshift, Agile Product Lifecycle Management and 24 more 2019-07-23 4.0
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging...
CVE-2018-11040 2 Pivotal Software, Oracle 17 Spring Framework, Agile Product Lifecycle Management, Application Testing Suite and 14 more 2019-07-23 4.3
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST...
CVE-2019-3794 1 Pivotal Software 1 Cloud Foundry Uaa 2019-07-22 4.3
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
CVE-2019-11268 1 Pivotal Software 1 Cloud Foundry Uaa-release 2019-07-18 4.0
Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and...
CVE-2015-5211 1 Pivotal Software 1 Spring Framework 2019-07-14 9.3
Under some situations, Spring Framework versions 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions are vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch...
CVE-2014-3625 2 Pivotal, Pivotal Software 2 Spring Framework, Spring Framework 2019-07-14 5.0
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVE-2014-3578 2 Pivotal, Pivotal Software 2 Spring Framework, Spring Framework 2019-07-14 5.0
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2018-1275 2 Pivotal Software, Oracle 16 Spring Framework, Application Testing Suite, Big Data Discovery and 13 more 2019-07-03 7.5
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module....
CVE-2018-1270 2 Pivotal Software, Oracle 22 Spring Framework, Application Testing Suite, Big Data Discovery and 19 more 2019-07-03 7.5
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module....
CVE-2018-1199 1 Pivotal Software 2 Spring Framework, Spring Security 2019-07-03 5.0
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By...
CVE-2019-11272 1 Pivotal Software 1 Spring Security 2019-06-27 7.5
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a...
CVE-2019-3787 1 Pivotal Software 1 Cloud Foundry Uaa-release 2019-06-24 4.3
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending "unknown.org" to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to...
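The missing X-FRAME-OPTIONS header behind CVE-2019-3794 is the kind of gap a response-header audit catches. The following is an added example, not code from Cloud Foundry UAA or any project on this page: it classifies the framing policy of a response from its headers, evaluating the CSP frame-ancestors directive ahead of X-Frame-Options because browsers that understand CSP ignore the older header when both are present. The header sets it inspects are constructed samples, not captured UAA responses.

```python
"""Classify the framing policy of an HTTP response from its headers.

Added example, not code from Cloud Foundry UAA or any project on the page.
It checks the two controls that stop a page from being embedded in an
attacker's iframe: the CSP 'frame-ancestors' directive and the older
X-Frame-Options header. The sample header sets below are constructed.
"""
from __future__ import annotations


def _frame_ancestors(csp: str) -> list[str] | None:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'\"").lower() for p in parts[1:]]
    return None


def framing_policy(headers: dict[str, str]) -> str:
    """Return 'deny', 'sameorigin', 'restricted' or 'frameable'.

    Header names are compared case-insensitively. Browsers that understand
    CSP frame-ancestors ignore X-Frame-Options when both are present, so the
    CSP directive is evaluated first.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy", "")
    ancestors = _frame_ancestors(csp) if csp else None
    if ancestors is not None:
        if not ancestors or ancestors == ["none"]:
            return "deny"          # 'none' (or an empty list) blocks every ancestor
        if ancestors == ["self"]:
            return "sameorigin"
        return "restricted"        # explicit allow-list of origins
    xfo = lower.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "deny"
    if xfo == "sameorigin":
        return "sameorigin"
    # ALLOW-FROM is obsolete and ignored by current browsers; with no
    # recognised value the page can be framed from any origin.
    return "frameable"


def is_clickjackable(headers: dict[str, str]) -> bool:
    """True when nothing in the response stops cross-origin framing."""
    return framing_policy(headers) == "frameable"


# Constructed responses, not captured from any real server.
SAMPLES = {
    "login page, no header":  {"Content-Type": "text/html"},
    "xfo deny":               {"X-Frame-Options": "DENY"},
    "xfo sameorigin":         {"x-frame-options": "SameOrigin"},
    "obsolete allow-from":    {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "csp none beats xfo":     {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                               "X-Frame-Options": "SAMEORIGIN"},
    "csp allow-list":         {"Content-Security-Policy": "frame-ancestors 'self' https://portal.example"},
    "csp without directive":  {"Content-Security-Policy": "default-src 'self'"},
}


def audit(samples: dict[str, dict[str, str]]) -> dict[str, str]:
    """Map each sample name to its framing verdict."""
    return {name: framing_policy(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        flag = "CLICKJACKABLE" if verdict == "frameable" else ""
        print(f"{name:<24} {verdict:<11} {flag}")
```

Three of the constructed samples come back as frameable: the bare login page, the one that relies on the obsolete ALLOW-FROM value, and the one whose CSP has no frame-ancestors directive at all. A CSP without that directive gives no framing protection, which is the case auditors most often miss.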
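Two entries above share a root cause: a request path is matched or mapped before it is brought into the form the container actually routes. CVE-2018-1199 (Spring Security ignoring URL path parameters when applying security constraints) and CVE-2014-3578 / CVE-2014-3625 (Spring Framework static-resource handling reading files outside the document root) both come down to that. The following is an added example, not code from Spring Security or the Spring Framework, showing a single canonicalization step that strips `;name=value` path parameters, percent-decodes once, and collapses `..`, used both for an access rule and for a static-file resolver. The URLs, the `/admin` prefix and the document root are constructed for the demonstration.

```python
"""Canonicalize request paths before matching security rules or files.

Added example, not code from the Spring Framework or Spring Security. It
shows the two failure classes on this page side by side: an access rule that
ignores URL path parameters (CVE-2018-1199) and a static-resource handler
that lets '..' escape the document root (CVE-2014-3578, CVE-2014-3625). The
URLs and the document root used below are constructed for the demonstration.
"""
from __future__ import annotations

import posixpath
from urllib.parse import unquote


def normalize_path(raw: str) -> str:
    """Return the path as the container will actually route it.

    - drop the query string
    - percent-decode exactly once (a second pass would reopen double-encoding bugs)
    - strip ';name=value' path parameters from every segment, so that
      '/admin;x=1/users' becomes '/admin/users'
    - collapse '.' and '..'; climbing above '/' raises ValueError
    """
    path = unquote(raw.split("?", 1)[0])
    path = path.replace("\\", "/")          # servers on Windows treat '\' as a separator
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]          # path parameters are not part of the name
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                raise ValueError(f"path escapes root: {raw!r}")
            segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def naive_requires_auth(raw: str, protected=("/admin",)) -> bool:
    """Weak form: matches the raw URI, so '/admin;x=1/users' slips past."""
    return any(raw == p or raw.startswith(p + "/") for p in protected)


def requires_auth(raw: str, protected=("/admin",)) -> bool:
    """Hardened form: matches the canonical path.

    A request that escapes the root raises ValueError; answer it with a 400
    rather than letting it fall through to an unauthenticated handler.
    """
    path = normalize_path(raw)
    return any(path == p or path.startswith(p + "/") for p in protected)


def resolve_static(root: str, raw: str) -> str | None:
    """Map a static-resource request to a file under `root`, or None if it escapes."""
    try:
        rel = normalize_path(raw).lstrip("/")
    except ValueError:
        return None
    root = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root, rel))
    if full != root and not full.startswith(root + "/"):
        return None
    return full


if __name__ == "__main__":
    for url in ("/admin/users", "/admin;x=1/users", "/%61dmin/users",
                "/static/..;/admin/users", "/public/index.html"):
        print(f"{url:<26} naive={naive_requires_auth(url)!s:<5} hardened={requires_auth(url)}")
    root = "/srv/www/static"
    for url in ("/css/app.css", "/css/../../etc/passwd",
                "/css/%2e%2e/%2e%2e/etc/passwd", "/..%5c..%5cetc/passwd"):
        print(f"{url:<32} -> {resolve_static(root, url)}")
```

The naive rule misses `/admin;x=1/users`, `/%61dmin/users` and `/static/..;/admin/users` even though all three reach the same handler as `/admin/users`; the hardened rule catches them because it matches what the container routes, not what the client typed. The same `normalize_path` makes the static resolver reject the encoded and backslash variants of `../../etc/passwd` before any filesystem access happens.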