HIGH🇵🇱 Wersja polska

CVE-2019-11270

CVSS 7.5v3.1pub. 2019-08-05upd. 2024-11-21

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Pivotal Software Application Service

    APP
    Pivotal Software
    2.3.0 – 2.3.15 (bez)2.4.0 – 2.4.11 (bez)2.5.0 – 2.5.7 (bez)2.6.0 – 2.6.2 (bez)
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    < 73.4.0
  • Pivotal Software Operations Manager

    APP
    Pivotal Software
    2.3.0 – 2.3.22 (bez)2.4.0 – 2.4.16 (bez)2.5.0 – 2.5.10 (bez)2.6.0 – 2.6.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-3793CRITICAL9.8ten sam produkt

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions...

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2018-15762CRITICAL9.0ten sam produkt

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x pri...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...