
CVE-2019-3794 – UAA - Login app subject to clickjacking attack
https://notcve.org/view.php?id=CVE-2019-3794
18 Jul 2019 — Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. • https://www.cloudfoundry.org/blog/cve-2019-3794 • CWE-284: Improper Access Control CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
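The check a practitioner wants after this advisory is whether the login and other frontend responses now carry an effective anti-framing policy. The following is an added example, not UAA code: it takes the response headers as any HTTP client returns them and reports whether a cross-origin page could still frame the response, preferring a CSP frame-ancestors directive (which browsers honour over X-Frame-Options) and otherwise requiring DENY or SAMEORIGIN. The sample header sets are constructed.

```python
"""Check whether a response can be framed by a cross-origin page.

Added example, not Cloud Foundry UAA code. Inspects a dict of response
headers for an effective anti-framing policy: a CSP frame-ancestors
directive, or else a DENY/SAMEORIGIN X-Frame-Options header.
Sample headers below are constructed.
"""
from typing import Dict, List, Optional, Tuple

SAFE_XFO = {"DENY", "SAMEORIGIN"}


def csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_allowed(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (True, reason) if a third-party page could frame this response."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = csp_frame_ancestors(csp)
        if ancestors is not None:
            # When frame-ancestors is present, browsers ignore X-Frame-Options.
            if ancestors in ([], ["none"]):
                return False, "CSP frame-ancestors 'none'"
            # A bare scheme source or '*' permits any origin on that scheme.
            if any(a in ("*", "http:", "https:") for a in ancestors):
                return True, "CSP frame-ancestors permits any origin"
            return False, "CSP frame-ancestors allow-list: " + " ".join(ancestors)
    xfo = h.get("x-frame-options")
    if xfo is None:
        return True, "no X-Frame-Options and no CSP frame-ancestors"
    value = xfo.strip().upper()
    if value in SAFE_XFO:
        return False, "X-Frame-Options: " + value
    # ALLOW-FROM and other values are not honoured by current browsers.
    return True, "unsupported X-Frame-Options value: %r" % xfo


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[bool, str]]:
    """Map each path to its (frameable, reason) verdict."""
    return {path: framing_allowed(hdrs) for path, hdrs in responses.items()}


# Constructed sample: headers an unpatched and a patched endpoint might return.
SAMPLE = {
    "/login": {"Content-Type": "text/html"},
    "/login-fixed": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "/oauth/authorize": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/legacy": {"X-Frame-Options": "ALLOW-FROM https://example.test"},
}

if __name__ == "__main__":
    for path, (exposed, why) in audit(SAMPLE).items():
        print("%-20s %-10s %s" % (path, "FRAMEABLE" if exposed else "ok", why))
```

Run it against the headers of each UAA frontend path (login, reset password, consent) rather than just the root: the advisory says "various endpoints", and a header set on one handler does not prove it is set on the others.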

CVE-2019-11268 – UAA SQL Identity Zone Vulnerability
https://notcve.org/view.php?id=CVE-2019-11268
11 Jul 2019 — Cloud Foundry UAA, versions prior to 73.3.0, contains endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones. • https://www.cloudfoundry.org/blog/cve-2019-11268 • CWE-116: Improper Encoding or Escaping of Output CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2019-3787 – UAA defaults email address to an insecure domain
https://notcve.org/view.php?id=CVE-2019-3787
19 Jun 2019 — Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account. • https://www.cloudfoundry.org/blog/cve-2019-3787 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password CWE-840: Business Logic Errors •

CVE-2019-11269 – Open Redirector in spring-security-oauth2
https://notcve.org/view.php?id=CVE-2019-11269
12 Jun 2019 — Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-a... • https://packetstorm.news/files/id/153299 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2019-3790 – Ops Manager uaa client issues tokens after refresh token expiration
https://notcve.org/view.php?id=CVE-2019-3790
06 Jun 2019 — The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources. • http://www.securityfocus.com/bid/108512 • CWE-324: Use of a Key Past its Expiration Date CWE-613: Insufficient Session Expiration •

CVE-2019-3802 – Additional information exposure with Spring Data JPA example matcher
https://notcve.org/view.php?id=CVE-2019-3802
03 Jun 2019 — This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. • https://pivotal.io/security/cve-2019-3802 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2019-3797 – Additional information exposure with Spring Data JPA derived queries
https://notcve.org/view.php?id=CVE-2019-3797
06 May 2019 — This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly. • https://pivotal.io/security/cve-2019-3797 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
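Both CVE-2019-3802 and CVE-2019-3797 come down to the same mechanism: a user-supplied value is wrapped in LIKE wildcards without escaping the LIKE metacharacters it already contains, so `%` or `_` in the input widens the match. The following is an added example, not Spring Data JPA code: an in-memory SQLite table with constructed rows stands in for the entity store, and find_users() builds the pattern the way a startingWith/endingWith/containing predicate would, once with the raw value and once with the metacharacters escaped. Names and rows are made up.

```python
"""LIKE wildcards in 'starting with' / 'ending with' / 'containing' lookups.

Added example, not Spring Data JPA code. An in-memory SQLite table with
constructed rows stands in for the entity store; find_users() builds the
LIKE pattern the way a derived query would and runs it both with the raw
value and with LIKE metacharacters escaped. Names and rows are made up.
"""
import sqlite3
from typing import List

ESCAPE = "\\"  # single escape character, bound through ESCAPE ?


def escape_like(value: str, esc: str = ESCAPE) -> str:
    """Escape the escape character first, then % and _, so value matches literally."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def like_pattern(value: str, mode: str) -> str:
    """Wrap value in wildcards for the predicate; value must already be escaped."""
    return {"starting": value + "%",
            "ending": "%" + value,
            "containing": "%" + value + "%"}[mode]


def find_users(conn: sqlite3.Connection, value: str, mode: str, escaped: bool) -> List[str]:
    """Run the predicate; escaped=False reproduces the over-matching behaviour."""
    needle = escape_like(value) if escaped else value
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (like_pattern(needle, mode), ESCAPE))]


def setup() -> sqlite3.Connection:
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("admin",), ("alice",), ("bob_smith",), ("bobby",)])
    return conn


if __name__ == "__main__":
    db = setup()
    for value, mode in (("%", "starting"), ("bob_", "starting"), ("_", "containing")):
        print("%s(%r): raw=%s escaped=%s" % (
            mode, value,
            find_users(db, value, mode, False),
            find_users(db, value, mode, True)))
```

A bare `%` as the "starts with" value enumerates the whole table when unescaped and matches nothing when escaped; `bob_` unescaped also returns `bobby` because `_` matches any single character. Parameter binding alone does not help here: the value is bound correctly in both runs, and the difference is entirely in whether the wildcards inside it are neutralised, which is the point of the advisory's note about manually defined LIKE queries.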

CVE-2019-3793 – Invitations Service supports HTTP connections
https://notcve.org/view.php?id=CVE-2019-3793
24 Apr 2019 — Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests. • https://pivotal.io/security/cve-2019-3793 • CWE-300: Channel Accessible by Non-Endpoint CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2019-3792 – Concourse 5.0.0 SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2019-3792
01 Apr 2019 — Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that carries a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. • https://pivotal.io/security/cve-2019-3792 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2019-3778 – Open Redirect in spring-security-oauth2
https://notcve.org/view.php?id=CVE-2019-3778
07 Mar 2019 — Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner us... • https://packetstorm.news/files/id/153299 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
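CVE-2019-11269 and CVE-2019-3778 describe the same outcome: a manipulated redirect_uri passes the authorization server's check, so the authorization code is delivered to an attacker-controlled location. Neither advisory states how the library's matcher failed, so the following added example (not spring-security-oauth2 code) contrasts a generic weak check, a string prefix match against the registered URI, with a strict one that compares normalised URI components and rejects userinfo and fragments. The client registrations and probe URIs are constructed; client-b shows the common mistake of registering an origin instead of the full callback URI.

```python
"""redirect_uri checks for the authorization code grant.

Added example, not spring-security-oauth2 code. Contrasts a weak string
prefix match with a strict component-by-component match. Client
registrations and probe URIs are constructed.
"""
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed registrations: client-b registers an origin, not a callback.
REGISTERED: Dict[str, List[str]] = {
    "client-a": ["https://app.example/callback"],
    "client-b": ["https://app.example"],
}


def loose_match(client_id: str, redirect_uri: str) -> bool:
    """Weak: accept any redirect_uri that starts with a registered value."""
    return any(redirect_uri.startswith(r) for r in REGISTERED.get(client_id, []))


def strict_match(client_id: str, redirect_uri: str) -> bool:
    """Accept only an exact match on scheme, host, port, path and query."""
    try:
        cand = urlsplit(redirect_uri)
        cand_port = cand.port or 443  # .port raises ValueError on a bad port
    except ValueError:
        return False
    # No cleartext, no userinfo (host confusion), no fragment.
    if cand.scheme != "https" or cand.username or cand.password or cand.fragment:
        return False
    for reg in REGISTERED.get(client_id, []):
        r = urlsplit(reg)
        if (cand.hostname, cand_port, cand.path, cand.query) == \
           (r.hostname, r.port or 443, r.path, r.query):
            return True
    return False


# Constructed probes an attacker might send for each client.
PROBES: Dict[str, List[str]] = {
    "client-a": [
        "https://app.example/callback",
        "https://app.example/callback?next=https://attacker.test/",
        "https://app.example/callback/../admin",
    ],
    "client-b": [
        "https://app.example.attacker.test/cb",
        "https://app.example@attacker.test/cb",
        "https://app.example:8443/cb",
    ],
}


def compare() -> Dict[str, Dict[str, Tuple[bool, bool]]]:
    """For each probe, the (loose, strict) verdicts."""
    return {cid: {p: (loose_match(cid, p), strict_match(cid, p)) for p in probes}
            for cid, probes in PROBES.items()}


if __name__ == "__main__":
    for cid, results in compare().items():
        for probe, (loose, strict) in results.items():
            print("%-8s loose=%-5s strict=%-5s %s" % (cid, loose, strict, probe))
```

Every probe except the exact registered URI is accepted by loose_match and rejected by strict_match. The `?next=` probe matters even when the client's host is legitimate: the code lands on the real callback, but if that page forwards to `next` the code travels with it, which is the leak the advisories describe. Exact matching of the full registered URI is what RFC 6749 section 3.1.2 already requires; the example only makes the comparison explicit.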