| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2020-5417 | Cloud Controller may allow developers to claim sensitive routes | Cloud Foundry | CAPI | High | - | 2020-08-21 21:50:15 | Deep Dive |
| CVE-2020-5416 | CF clusters with NGINX in front of them may be vulnerable to DoS | Cloud Foundry | Routing | Medium | - | 2020-08-21 21:50:14 | Deep Dive |
| CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs | Cloud Foundry | UAA | High | - | 2020-02-27 19:30:24 | Deep Dive |
| CVE-2020-5401 | Cloud Foundry GoRouter is vulnerable to cache poisoning | Cloud Foundry | Routing | Medium | - | 2020-02-27 19:30:24 | Deep Dive |
| CVE-2020-5400 | Cloud Controller logs environment variables from app manifests | Cloud Foundry | CAPI | Medium | - | 2020-02-27 19:30:23 | Deep Dive |
| CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections | Cloud Foundry | CredHub | High | - | 2020-02-12 20:30:17 | Deep Dive |
| CVE-2019-11294 | CAPI leaks service broker URLs and GUIDs to space developers | Cloud Foundry | CAPI | Medium | - | 2019-12-19 19:35:12 | Deep Dive |
| CVE-2019-11293 | UAA logs all query parameters with debug logging level | Cloud Foundry | UAA Release | Medium | - | 2019-12-06 20:00:17 | Deep Dive |
| CVE-2019-11290 | Cloud Foundry UAA logs query parameters in tomcat access file | Cloud Foundry | UAA Release | High | - | 2019-11-25 23:56:17 | Deep Dive |
| CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | Cloud Foundry | Routing | High | - | 2019-11-19 18:41:05 | Deep Dive |
| CVE-2019-11283 | Password leak in smbdriver logs | Cloud Foundry | SMB Volume | High | - | 2019-10-23 15:32:22 | Deep Dive |
| CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure | Cloud Foundry | UAA Release | Medium | - | 2019-10-23 15:28:24 | Deep Dive |
| CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | Cloud Foundry | UAA Release (OSS) | High | - | 2019-09-26 21:15:10 | Deep Dive |
| CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry | UAA Release (OSS) | High | - | 2019-09-26 21:11:24 | Deep Dive |
| CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack | Cloud Foundry | CF NFS volume release | High | - | 2019-09-23 17:40:18 | Deep Dive |
| CVE-2019-11274 | UAA SCIM Filter XSS | Cloud Foundry | UAA Release (OSS) | Medium | - | 2019-08-09 19:22:18 | Deep Dive |
| CVE-2019-3800 | CF CLI writes the client id and secret to config file | Cloud Foundry | CF CLI Release | High | - | 2019-08-05 16:38:20 | Deep Dive |
| CVE-2019-11270 | UAA clients.write vulnerability | Cloud Foundry | UAA Release (OSS) | High | - | 2019-08-05 16:21:55 | Deep Dive |
| CVE-2019-3794 | UAA - Login app subject to clickjacking attack | Cloud Foundry | UAA Release (OSS) | Medium | - | 2019-07-18 15:47:00 | Deep Dive |
| CVE-2019-11268 | UAA SQL Identity Zone Vulnerability | Cloud Foundry | UAA Release (OSS) | Medium | - | 2019-07-11 18:11:37 | Deep Dive |