HIGH🇬🇧 English

CVE-2019-11270

CVSS 7.5v3.1pub. 2019-08-05upd. 2024-11-21

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Pivotal Software Application Service

    APP
    Pivotal Software
    2.3.0 – 2.3.15 (bez)2.4.0 – 2.4.11 (bez)2.5.0 – 2.5.7 (bez)2.6.0 – 2.6.2 (bez)
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    < 73.4.0
  • Pivotal Software Operations Manager

    APP
    Pivotal Software
    2.3.0 – 2.3.22 (bez)2.4.0 – 2.4.16 (bez)2.5.0 – 2.5.10 (bez)2.6.0 – 2.6.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-3793CRITICAL9.8ten sam produkt

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions...

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2018-15762CRITICAL9.0ten sam produkt

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x pri...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2019-11270 — HIGH 7.5 | CVEbaza.pl