CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5172
https://notcve.org/view.php?id=CVE-2015-5172
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes causen un impacto no especificado aprovechando que no caducan los enlaces de reinicio de contraseña. • https://pivotal.io/security/cve-2015-5170-5173 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 8.8EPSS: 0%CPEs: 51EXPL: 0CVE-2016-0732
https://notcve.org/view.php?id=CVE-2016-0732
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. La característica de zonas de identidad en Pivotal Cloud Foundry 208 a 229; UAA 2.0.0 a 2.7.3 y 3.0.0; UAA-Release 2 hasta la 4, cuando se configura con múltiples zonas de identidad; y Elastic Runtime 1.6.0 hasta la 1.6.13 permite que los usuarios remotos autenticados con privilegios en una zona obtengan privilegios y realicen operaciones en una zona diferente mediante vectores no especificados. • https://pivotal.io/security/cve-2016-0732 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2017-4959
https://notcve.org/view.php?id=CVE-2017-4959
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges. Se ha descubierto un problema en Pivotal PCF Elastic Runtime, en versiones 1.8.x anteriores a la 1.8.29 y en versiones 1.9.x anteriores a la 1.9.7. Los despliegues de Pivotal Cloud Foundry que emplean la aplicación Pivotal Account son vulnerables a un error que permite que un usuario autorizado tome el control de la cuenta de otro usuario, lo que podría provocar el bloqueo de la cuenta y un potencial escalado de privilegios. • http://www.securityfocus.com/bid/96218 https://pivotal.io/security/cve-2017-4959 •
CVSS: 9.8EPSS: 0%CPEs: 143EXPL: 0CVE-2017-4955
https://notcve.org/view.php?id=CVE-2017-4955
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile. Se detectó un problema en las versiones de PCF Elastic Runtime de Pivotal versiones 1.6.x anteriores a 1.6.65, versiones 1.7.x anteriores a 1.7.48, versiones 1.8.x anteriores a 1.8.28 y versiones 1.9.x anteriores a 1.9.5. Varias credenciales estaban presentes en los registros para la tarea Notifications en el mosaico de PCF Elastic Runtime. • http://www.securityfocus.com/bid/97082 https://pivotal.io/security/cve-2017-4955 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 123EXPL: 0CVE-2017-2773
https://notcve.org/view.php?id=CVE-2017-2773
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue. Se ha descubierto un problema en Pivotal PCF Elastic Runtime en versiones 1.6.x anteriores a la 1.6.60, versiones 1.7.x anteriores a la 1.7.41, versiones 1.8.x anteriores a la 1.8.23 y versiones 1.9.x anteriores a la 1.9.1. La lógica de validación incompleta en las bibliotecas JSON Web Token (JWT) puede permitir que atacantes no privilegiados suplanten a otros usuarios en múltiples componentes incluidos en PCF Elastic Runtime. Esto también se conoce como problema "Unauthenticated JWT signing algorithm in multiple components". • http://www.securityfocus.com/bid/97135 https://pivotal.io/security/cve-2017-2773 • CWE-20: Improper Input Validation •