| CVE-2015-5172 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2015-5171 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Cloud Foundry Runtime Insufficient Session Expiration vulnerability |
| CVE-2017-4992 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Cloud Foundry UAA privilege escalation with user invitations |
| CVE-2016-6637 |
critical |
9.6 |
9.6 |
|
|
|
10y ago |
Cloud Foundry vulnerable to Cross-Site Request Forgery |
| CVE-2015-5170 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability |
| CVE-2017-4973 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
Cloud Foundry UAA Privilege Escalation |
| CVE-2016-3084 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
Cloud Foundry UAA reset password vulnerable to brute force attack |
| CVE-2017-4960 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Cloud Foundry denial of service vulnerability |
| CVE-2017-4991 |
high |
7.2 |
7.2 |
|
|
|
9y ago |
Cloud Foundry UAA password reset vulnerability |
| CVE-2017-8032 |
medium |
6.6 |
6.6 |
|
|
|
9y ago |
Cloud Foundry UAA Identity Zone Admin Privilege Escalation |
| CVE-2026-22723 |
medium |
6.5 |
6.5 |
|
|
|
3mo ago |
Cloudfoundry UAA has logic error in the token revocation endpoint implementation |
| CVE-2017-4974 |
medium |
6.5 |
6.5 |
|
|
|
9y ago |
Blind SQL Injection with privileged Cloud Foundry UAA endpoints |
| CVE-2016-5016 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Cloud Foundry vulnerable to Improper Certificate Validation |
| CVE-2017-8031 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
Cloud Foundry UAA Denial of Service through client token revocation endpoint |
| CVE-2018-1192 |
unknown |
— |
— |
|
|
|
4y ago |
Cloud Foundry UAA SessionID present in Audit Event Logs |
| CVE-2018-11041 |
unknown |
— |
— |
|
|
|
4y ago |
Cloud Foundry UAA open redirect |
| CVE-2018-11047 |
unknown |
— |
— |
|
|
|
4y ago |
Cloud Foundry UAA accepts refresh token as access token on admin endpoints |
| CVE-2018-15761 |
unknown |
— |
— |
|
|
|
4y ago |
Cloud Foundry UAA Privilege Escalation |
| CVE-2018-1190 |
unknown |
— |
— |
|
|
|
4y ago |
Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint |
| CVE-2018-1262 |
unknown |
— |
— |
|
|
|
4y ago |
UAA privilege escalation across identity zones |