Page 2 of 18 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 143EXPL: 0

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile. Se detectó un problema en las versiones de PCF Elastic Runtime de Pivotal versiones 1.6.x anteriores a 1.6.65, versiones 1.7.x anteriores a 1.7.48, versiones 1.8.x anteriores a 1.8.28 y versiones 1.9.x anteriores a 1.9.5. Varias credenciales estaban presentes en los registros para la tarea Notifications en el mosaico de PCF Elastic Runtime. • http://www.securityfocus.com/bid/97082 https://pivotal.io/security/cve-2017-4955 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.8EPSS: 0%CPEs: 123EXPL: 0

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue. Se ha descubierto un problema en Pivotal PCF Elastic Runtime en versiones 1.6.x anteriores a la 1.6.60, versiones 1.7.x anteriores a la 1.7.41, versiones 1.8.x anteriores a la 1.8.23 y versiones 1.9.x anteriores a la 1.9.1. La lógica de validación incompleta en las bibliotecas JSON Web Token (JWT) puede permitir que atacantes no privilegiados suplanten a otros usuarios en múltiples componentes incluidos en PCF Elastic Runtime. Esto también se conoce como problema "Unauthenticated JWT signing algorithm in multiple components". • http://www.securityfocus.com/bid/97135 https://pivotal.io/security/cve-2017-2773 • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. El flujo de la contraseña de restablecimiento de UAA en Cloud Foundry release versión v236 y anteriores, UAA release versión v3.3.0 y anteriores, todas las versiones de Login-server, UAA release versión v10 y anteriores y Pivotal Elastic Runtime versiones anteriores a 1.7.2, son vulnerables a un ataque de fuerza bruta debido a múltiples códigos activos en un momento dado. Esta vulnerabilidad solo es aplicable cuando usa el almacén de usuarios interno de UAA para la autenticación. • https://pivotal.io/security/cve-2016-3084 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. El Cloud Controller en Cloud Foundry versiones anteriores a 239 registra objetos de servicio proporcionados por el usuario durante la creación, lo que permite a los atacantes obtener información sensible de credenciales de usuarios a través de vectores no especificados. • https://pivotal.io/security/cve-2016-5006 https://www.cloudfoundry.org/CVE-2016-5006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. Pivotal Cloud Foundry 239 y versiones anteriores, UAA ( también conocido como User Account y Authentication Server) 3.4.1 y versiones anteriores, lanzamiento UAA 12.2 y versiones anteriores, PCF (también conocido como Pivotal Cloud Foundry) Elastic Runtime 1.6.x en versiones anteriores a 1.6.35, y PCF Elastic Runtime 1.7.x en versiones anteriores a 1.7.13 no valida si un certificado ha expirado. • https://github.com/cloudfoundry/cf-release/releases/tag/v240 https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3 https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3 https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6 https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3 https://github.com/cloudfoundry/uaa/releases/tag/3.4.2 https://pivotal.io/security/cve-2016-5016 • CWE-295: Improper Certificate Validation •