Vulnerabilities for 'User account and authentication'
2021-08-11
CVE-2021-22098
CWE-601
UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering, leading to takeover of victims' accounts in certain cases along with redirection of UAA users to malicious sites.
2020-02-27
CVE-2020-5402
CWE-352
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
2019-12-06
CVE-2019-11293
CWE-532
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
2019-11-26
CVE-2019-11290
CWE-200
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat's access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
2019-09-26
CVE-2019-11278
CWE-20
CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.
2019-08-09
CVE-2019-11274
CWE-79
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
Copyright 2024, cxsecurity.com