// For flags

CVE-2019-11282

UAA is vulnerable to a Blind SCIM injection leading to information disclosure

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

Cloud Foundry UAA, versiones anteriores a v74.3.0, contiene un endpoint que es vulnerable al ataque de inyección SCIM. Un usuario malicioso autenticado remoto con alcance de scim.invite puede diseñar una petición con contenido malicioso que puede filtrar información sobre los usuarios de la UAA.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-18 CVE Reserved
  • 2019-10-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-deployment
Search vendor "Cloudfoundry" for product "Cf-deployment"
< 12.2.0
Search vendor "Cloudfoundry" for product "Cf-deployment" and version " < 12.2.0"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Cloud Foundry Uaa
Search vendor "Pivotal Software" for product "Cloud Foundry Uaa"
< 74.3.0
Search vendor "Pivotal Software" for product "Cloud Foundry Uaa" and version " < 74.3.0"
-
Affected