Pivotal Software Cloud Foundry Elastic Runtime vulnerabilities
28 known vulnerabilities affecting pivotal_software/cloud_foundry_elastic_runtime.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 10, MEDIUM 9, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2016-2165 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | ≤ 1.5.18, v1.6.0, +19 more | 2017-05-25
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 and 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
nvd
CVE-2016-0715 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.4.0, ≤ 1.4.5; ≥ 1.5.0, ≤ 1.5.11; +1 more | 2018-09-11
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Bu
nvd
CVE-2016-5016 | P4 | MEDIUM | CVSS 5.9 | CWE-295 | ≥ 1.6.0, < 1.6.35; ≥ 1.7.0, < 1.7.13 | 2017-04-24
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate whether a certificate is expired.
nvd
CVE-2016-0781 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.6.0, v1.6.1, +18 more | 2017-05-25
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descripti
nvd
CVE-2016-0926 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.6.0, < 1.6.32; ≥ 1.7.0, < 1.7.8 | 2016-09-18
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
nvd
CVE-2015-3190 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≤ 1.4.5 | 2017-05-25
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect which allows an attacker to insert a malicious web page as a redirect parameter.
nvd
CVE-2016-0927 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.6.0, v1.6.1, +14 more | 2016-09-18
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-3189 | P4 | LOW | CVSS 3.7 | CWE-640 | ≤ 1.4.5 | 2017-05-25
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authenticati
nvd