Cloud Foundry Uaa vulnerabilities

3 known vulnerabilities affecting cloud_foundry/cloud_foundry_uaa.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH: 1
MEDIUM: 2

Vulnerabilities

CVE-2025-22216 (MEDIUM, CVSS 5.4)
Affected versions: ≥ 77.20.X, < 77.20.2; ≥ 77.2X.0, < 77.25.0
Published: 2025-01-31
CWE-384 (Session Fixation). A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can re-use their JSESSIONID to access other zones.
Sources: cvelistv5, nvd
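As an added illustration of the failure mode described above (example code, not UAA's own), a session store that does not bind a session to the identity zone it was created in, beside one that does. Zone names, user names and the resolve_* helpers are constructed for the example; the page does not say how UAA selects a zone for a request, so the zone is simply passed in as a parameter.

```python
"""Added example: binding a session to the identity zone that created it.

Not UAA code. Zone names and user names are constructed for the demo.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Session:
    user: str
    zone: str  # the identity zone the user authenticated in (hypothetical field)


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, zone: str) -> str:
        """Create a session after a successful IDP login in `zone`; return its id."""
        sid = secrets.token_hex(16)  # plays the role of a JSESSIONID value
        self._sessions[sid] = Session(user=user, zone=zone)
        return sid

    def resolve_unbound(self, sid: str, requested_zone: str) -> Optional[str]:
        """Weak check: any live session is honoured in any zone.

        `requested_zone` is ignored, so a session established in one zone
        can be replayed against another zone.
        """
        session = self._sessions.get(sid)
        return session.user if session else None

    def resolve_zone_bound(self, sid: str, requested_zone: str) -> Optional[str]:
        """Hardened check: the session is only valid in the zone that issued it."""
        session = self._sessions.get(sid)
        if session is None or session.zone != requested_zone:
            return None
        return session.user


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice", zone="corp")
    print("unbound, other zone:", store.resolve_unbound(sid, "tenant-b"))
    print("zone-bound, other zone:", store.resolve_zone_bound(sid, "tenant-b"))
    print("zone-bound, own zone:", store.resolve_zone_bound(sid, "corp"))
```

The hardened resolver returns the same "no session" result for an unknown id and for a zone mismatch, so a caller cannot tell a replayed cookie apart from a stale one.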
CVE-2018-11047 (HIGH, CVSS 7.5)
Affected versions: ≥ 4.19, < 4.19.2; ≥ 4.12, < 4.12.4; +3 more
Published: 2018-07-24
CWE-863 (Incorrect Authorization). Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the posse
Sources: cvelistv5, nvd
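As an added example of why this class of bug matters (not UAA code; UAA's real token format is not described on this page), a toy HMAC-signed token with an explicit `typ` claim. The "vulnerable" authorizer checks signature, expiry and scope, which a refresh token also satisfies; the fixed one additionally requires an access token. Because the refresh token lives much longer, the weak check keeps granting admin access after the access token has expired. The signing key, claim names and lifetimes are constructed for the demo.

```python
"""Added example: accepting a refresh token where an access token is required.

Not UAA code. Token format, claim names, key and lifetimes are constructed.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

KEY = b"demo-signing-key-not-for-production"  # constructed
ACCESS_LIFETIME = 600            # 10 minutes
REFRESH_LIFETIME = 30 * 86400    # 30 days
ADMIN_SCOPE = "uaa.admin"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims: dict) -> str:
    """Serialize claims and append an HMAC-SHA256 tag: <body>.<sig>."""
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify(token: str) -> Optional[dict]:
    """Return the claims if the tag is valid, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_unb64(body))


def issue_pair(user: str, now: int) -> Tuple[str, str]:
    """Issue an access token and a much longer-lived refresh token for `user`."""
    common = {"sub": user, "scope": [ADMIN_SCOPE]}
    access = mint({**common, "typ": "access", "exp": now + ACCESS_LIFETIME})
    refresh = mint({**common, "typ": "refresh", "exp": now + REFRESH_LIFETIME})
    return access, refresh


def authorize_admin_vulnerable(token: str, now: int) -> bool:
    """Signature, expiry and scope only: a refresh token passes too."""
    claims = verify(token)
    return claims is not None and claims["exp"] > now and ADMIN_SCOPE in claims["scope"]


def authorize_admin_fixed(token: str, now: int) -> bool:
    """Same checks plus: the bearer must present an access token."""
    claims = verify(token)
    return (
        claims is not None
        and claims.get("typ") == "access"
        and claims["exp"] > now
        and ADMIN_SCOPE in claims["scope"]
    )


if __name__ == "__main__":
    t0 = 1_700_000_000
    access, refresh = issue_pair("alice", t0)
    later = t0 + 3600  # access token has expired, refresh token has not
    print("vulnerable, refresh token after access expiry:",
          authorize_admin_vulnerable(refresh, later))
    print("fixed, refresh token after access expiry:",
          authorize_admin_fixed(refresh, later))
```

The point the test pins down is the extended window: at `later` the access token is rejected by both checks, but the weak check still admits the refresh token because nothing in it looks at what kind of token was presented.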
CVE-2018-11041 (MEDIUM, CVSS 6.1)
Affected versions: later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5
Published: 2018-06-25
CWE-601 (Open Redirect). Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5, and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link th
Sources: cvelistv5, nvd
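As an added example (not UAA code) of what "validate redirect URL values ... used for internal redirects" has to cover in practice: a validator that accepts only same-origin paths under a constructed allow-list and rejects the usual bypasses, which are absolute URLs, protocol-relative `//host`, backslash variants, percent-encoded slashes, traversal out of the allowed prefix, and control characters. The allow-list and the `safe_redirect` fallback are assumptions for the demo.

```python
"""Added example: validating a login-page redirect parameter.

Not UAA code. ALLOWED_PREFIXES and the fallback path are constructed.
"""
import posixpath
from urllib.parse import unquote, urlsplit

ALLOWED_PREFIXES = ("/login", "/oauth/authorize")  # constructed allow-list
FALLBACK = "/login"


def redirect_vulnerable(target: str) -> str:
    """The pattern behind an open redirect: the form value is used verbatim."""
    return target


def _structurally_internal(candidate: str) -> bool:
    """Reject anything that a browser could interpret as leaving the origin."""
    if not candidate.startswith("/"):
        return False                      # absolute URL, javascript:, relative path
    if candidate.startswith("//") or "\\" in candidate:
        return False                      # protocol-relative or backslash tricks
    if any(ord(ch) < 0x21 or ch == "\x7f" for ch in candidate):
        return False                      # CR/LF header injection, whitespace
    parts = urlsplit(candidate)
    return not parts.scheme and not parts.netloc


def is_safe_internal_redirect(target: str) -> bool:
    """True only for a same-origin path under one of ALLOWED_PREFIXES."""
    if not target:
        return False
    # Check the raw value and a once-decoded copy so that "%2F%2Fhost"
    # cannot turn into "//host" after the server or browser decodes it.
    for candidate in (target, unquote(target)):
        if not _structurally_internal(candidate):
            return False
    # Collapse "." and ".." segments before comparing against the allow-list.
    path = posixpath.normpath(urlsplit(target).path)
    return any(path == p or path.startswith(p + "/") for p in ALLOWED_PREFIXES)


def safe_redirect(target: str) -> str:
    """Return `target` if it is an acceptable internal path, else the fallback."""
    return target if is_safe_internal_redirect(target) else FALLBACK


if __name__ == "__main__":
    for sample in ("/oauth/authorize?client_id=app",
                   "https://attacker.example/",
                   "//attacker.example/",
                   "/\\attacker.example",
                   "/%2F%2Fattacker.example",
                   "/oauth/authorize/../../admin"):
        print(f"{sample!r:40} -> {safe_redirect(sample)}")
```

Normalising with `posixpath.normpath` before the prefix comparison is what stops `/oauth/authorize/../../admin` from matching `/oauth/authorize`; checking the decoded copy as well is what stops `/%2F%2Fhost` from being accepted as a path and then interpreted as `//host` downstream.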