Vulnerabilities (CVE)

Vendor: Pivotal Software

150 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1274 1 Pivotal Software 2 Spring Data Commons, Spring Data Rest 2019-10-03 5.0
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue...
CVE-2017-4973 1 Pivotal Software 3 Cloud Foundry Uaa Bosh, Cloud Foundry Uaa, Cloud Foundry Cf 2019-10-03 6.5
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh...
CVE-2018-1262 1 Pivotal Software 3 Cloud Foundry Uaa, Cloud Foundry Uaa-release, Cloud Foundry Cf-deployment 2019-10-03 6.5
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens...
CVE-2017-4966 1 Pivotal Software 1 Rabbitmq 2019-10-03 2.1
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions...
CVE-2018-1227 1 Pivotal Software 1 Concourse 2019-10-03 5.0
Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI...
CVE-2017-8031 1 Pivotal Software 2 Cf-release, Uaa-release 2019-10-03 3.5
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a...
CVE-2018-15756 2 Pivotal Software, Oracle 4 Spring Framework, Enterprise Manager Ops Center, Retail Invoice Matching and 1 more 2019-10-03 5.0
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the...
CVE-2018-1231 1 Pivotal Software 1 Bosh Cli 2019-10-03 6.5
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated...
CVE-2017-14390 1 Pivotal Software 1 Cf-deployment 2019-10-03 5.0
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
CVE-2018-15758 1 Pivotal Software 1 Spring Security Oauth 2019-10-03 6.8
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user...
CVE-2017-8028 2 Pivotal Software, Debian 2 Spring-ldap, Debian Linux 2019-10-03 5.1
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with...
CVE-2018-1197 1 Pivotal Software 1 Windows Stemcells 2019-10-03 6.0
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
CVE-2017-4955 1 Pivotal Software 1 Cloud Foundry Elastic Runtime 2019-10-03 5.0
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the...
CVE-2018-11086 1 Pivotal Software 1 Pivotal Application Service 2019-10-03 4.0
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be...
CVE-2018-1278 1 Pivotal Software 1 Pivotal Application Service 2019-10-03 4.3
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any...
CVE-2017-4992 1 Pivotal Software 3 Cloud Foundry Uaa Bosh, Cloud Foundry Uaa, Cloud Foundry Cf 2019-10-03 7.5
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh...
CVE-2019-11270 1 Pivotal Software 3 Application Service, Cloud Foundry Uaa, Operations Manager 2019-08-20 5.0
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with...
CVE-2017-4963 2 Pivotal Software, Pivotal 8 Cloud Foundry Uaa Bosh, Cloud Foundry Uaa, Cloud Foundry and 5 more 2019-07-30 6.8
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation...
CVE-2018-1271 2 Pivotal Software, Oracle 22 Spring Framework, Application Testing Suite, Big Data Discovery and 19 more 2019-07-23 4.3
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a...
CVE-2018-1257 3 Pivotal Software, Redhat, Oracle 27 Spring Framework, Openshift, Agile Product Lifecycle Management and 24 more 2019-07-23 4.0
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging...