CRITICAL 9.8 CVE-2017-4992 Cloud Foundry UAA privilege escalation with user invitations
>= 2.0.0, < 2.7.4.17
CRITICAL 9.8 CVE-2015-5172 Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
from 0, < 2.5.2
CRITICAL 9.8 Cloud Foundry Runtime Insufficient Session Expiration vulnerability
from 0, < 2.5.2
CRITICAL 9.6 Cloud Foundry vulnerable to Cross-Site Request Forgery
>= 2.0.0, < 2.7.4.7
HIGH 8.8 Cloud Foundry UAA SessionID present in Audit Event Logs
from 0, < 4.5.5
HIGH 8.8 Cloud Foundry UAA Privilege Escalation
from 0, < 4.23.0
HIGH 8.8 Cloud Foundry UAA Privilege Escalation
>= 2.0.0, < 2.7.4.14
HIGH 8.8 Cloud Foundry Runtime Cross-Site Request Forgery vulnerability
from 0, < 2.5.2
HIGH 8.1 Cloud Foundry UAA reset password vulnerable to brute force attack
from 0, < 3.3.0.1
HIGH 7.5 Cloud Foundry UAA accepts refresh token as access token on admin endpoints
from 0, < 4.5.7
HIGH 7.5 Cloud Foundry denial of service vulnerability
>= 3.10.0, < 3.12.0
HIGH 7.2 Cloud Foundry UAA password reset vulnerability
>= 2.0.0, < 2.7.4.16
HIGH 7.2 UAA privilege escalation across identity zones
>= 4.12.0, < 4.12.2
MEDIUM 6.6 Cloud Foundry UAA Identity Zone Admin Privilege Escalation
from 0, < 3.6.13
MEDIUM 6.5 Cloudfoundry UAA has logic error in the token revocation endpoint implementation
>= 77.30.0, < 78.8.0
MEDIUM 6.5 Blind SQL Injection with privileged Cloud Foundry UAA endpoints
>= 2.0.0, < 2.7.4.15
MEDIUM 6.1 Cloud Foundry UAA open redirect
from 0, < 4.7.5
MEDIUM 6.1 Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint
>= 3.0.0, < 3.20.2
MEDIUM 5.9 Cloud Foundry vulnerable to Improper Certificate Validation
>= 3.0.0, < 3.3.0.3
MEDIUM 5.3 Cloud Foundry UAA Denial of Service through client token revocation endpoint
>= 4.6.0, < 4.7.1
LOW 3.7 Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
from 0, < 2.2.5