CVE-2019-11282

< 74.3.0

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authentic

4.3MEDIUM

CVE-2019-11270

< 73.4.0

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' author

7.5HIGH

CVE-2019-3794

< 73.4.0

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perfo

5.4MEDIUM

CVE-2019-11268

< 73.3.0

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with

4.3MEDIUM

CVE-2019-3787

< 73.0.0

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not p

8.3HIGH

CVE-2018-15754

>= 60.0 and < 66.0

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity provide

4.2MEDIUM

CVE-2018-15761

< 4.23.0

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows fo

9.9CRITICAL

CVE-2018-11082

< 4.20.0

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of

6.6MEDIUM

CVE-2018-11047

>= 4.5.0 and < 4.5.7

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5

7.5HIGH

CVE-2018-11041

> 48 and < 52.9

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 a

6.1MEDIUM

CVE-2018-1262

all versions

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across ident

7.2HIGH

CVE-2018-1192

all versions

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4

8.8HIGH

CVE-2015-5173

< 2.5.2

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow

8.8HIGH

CVE-2015-5172

< 2.5.2

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow

9.8CRITICAL

CVE-2015-5171

< 2.5.2

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF

9.8CRITICAL

CVE-2015-5170

< 2.5.2

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow

8.8HIGH

CVE-2017-8032

all versions

In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x

6.6MEDIUM

CVE-2017-4994

<= 4.2.0

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18

7.5HIGH

CVE-2017-4992

<= 4.2.0

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17

9.8CRITICAL

CVE-2017-4991

<= 4.2.0

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16

7.2HIGH

CVE-2017-4974

<= 4.2.0

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15

6.5MEDIUM

CVE-2017-4973

all versions

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14

8.8HIGH

CVE-2017-4972

<= 3.15.0

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14

7.5HIGH

CVE-2017-4963

<= 26

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.

8.1HIGH

CVE-2016-3084

<= 3.3.0

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versi

8.1HIGH

CVE-2016-0781

<= 2.7.4.1

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2

6.1MEDIUM

CVE-2015-3191

<= 2.2.6

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry

8.8HIGH

CVE-2015-3190

<= 2.2.6

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry

6.1MEDIUM

CVE-2015-3189

<= 2.2.5

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry

3.7LOW

CVE-2016-5016

<= 12.2

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and ea

5.9MEDIUM

CVE-2016-4468

<= 3.4.0

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x befor

8.8HIGH

CVE-2017-4960

all versions

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh R

7.5HIGH

CVE-2016-6659

<= 3.9.2

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (a

8.1HIGH

CVE-2016-6651

<= 3.7.0

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x bef

8.8HIGH

CVE-2016-6637

all versions

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x

9.6CRITICAL

CVE-2016-6636

all versions

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and

5.3MEDIUM