Product
pivotal software cloud foundry elastic runtime
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2016-0715
>= 1.4.0 and <= 1.4.5
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to
5.9
MEDIUM
CVE-2016-6658
< 1.6.49
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to t
9.6
CRITICAL
CVE-2015-5173
< 1.7.0
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
8.8
HIGH
CVE-2015-5172
< 1.7.0
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
9.8
CRITICAL
CVE-2015-5171
< 1.7.0
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF
9.8
CRITICAL
CVE-2015-5170
< 1.7.0
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
8.8
HIGH
CVE-2017-4959
all versions
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal C
8.8
HIGH
CVE-2017-4955
all versions
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versi
9.8
CRITICAL
CVE-2017-2773
all versions
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versi
9.8
CRITICAL
CVE-2016-3084
<= 1.7.1
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versi
8.1
HIGH
CVE-2016-2165
<= 1.5.18
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.
6.5
MEDIUM
CVE-2016-0781
all versions
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2
6.1
MEDIUM
CVE-2016-0780
all versions
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal
7.5
HIGH
CVE-2016-0761
all versions
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing
9.8
CRITICAL
CVE-2015-3191
<= 1.4.5
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry
8.8
HIGH
CVE-2015-3190
<= 1.4.5
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry
6.1
MEDIUM
CVE-2015-3189
<= 1.4.5
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry
3.7
LOW
CVE-2015-1834
<= 1.4.1
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions pri
6.5
MEDIUM
CVE-2016-5006
<= 1.6.32
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain
9.8
CRITICAL
CVE-2016-5016
>= 1.6.0 and < 1.6.35
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and ea
5.9
MEDIUM
CVE-2016-4468
all versions
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x befor
8.8
HIGH
CVE-2016-6657
all versions
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected ver
7.4
HIGH
CVE-2016-6651
all versions
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x bef
8.8
HIGH
CVE-2016-6637
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x
9.6
CRITICAL
CVE-2016-6636
all versions
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and
5.3
MEDIUM
CVE-2016-6639
<= 1.6.37
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Fo
7.5
HIGH
CVE-2016-0928
<= 1.6.29
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow r
7.4
HIGH
CVE-2016-0927
all versions
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to injec
6.1
MEDIUM
CVE-2016-0926
>= 1.6.0 and < 1.6.32
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x be
6.1
MEDIUM
CVE-2016-0896
<= 1.6.33
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Applicatio
7.3
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin