CVE-2019-3794 — Improper Access Control in Foundry UAA Release
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 46.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 18
Latest updateMay 24
Description
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5