CVE-2026-22723

>= 77.30.0 and < 78.8.0

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.

6.5MEDIUM

CVE-2025-22246

>= 77.21.0 and < 77.32.0

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

3.0LOW

CVE-2019-11279

< 74.1.0

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scop

8.8HIGH

CVE-2019-11268

< 73.3.0

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with

4.3MEDIUM

CVE-2019-3787

< 73.0.0

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not p

8.3HIGH

CVE-2019-3801

< 64.0

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch depende

9.8CRITICAL

CVE-2019-3788

< 71.0

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA clie

8.7HIGH

CVE-2019-3775

< 70.0

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can imper

7.1HIGH

CVE-2018-15754

>= 60.0 and < 66.0

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity provide

4.2MEDIUM

CVE-2018-15761

< 64.0

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows fo

9.9CRITICAL

CVE-2018-11082

< 61.0

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of

6.6MEDIUM

CVE-2018-11041

> 48 and < 52.9

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 a

6.1MEDIUM

CVE-2018-1262

all versions

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across ident

7.2HIGH

CVE-2018-1192

all versions

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4

8.8HIGH

CVE-2017-8031

>= 30 and < 30.6

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6,

5.3MEDIUM

CVE-2016-0732

all versions

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, w

8.8HIGH

CVE-2017-4963

<= 26

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.

8.1HIGH

CVE-2016-5016

<= 12.2

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and ea

5.9MEDIUM