Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVE-2025-22216 UAA Missing Zone Validation
Vulnerability Description
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
CloudFoundry UAA 安全漏洞
Vulnerability Description
CloudFoundry UAA是CloudFoundry基金会的一种多租户身份管理服务。 CloudFoundry UAA存在安全漏洞,该漏洞源于无法正确验证区域之间的会话信息。攻击者利用该漏洞可以重复使用其 jsessionid 来访问其他区域。
CVSS Information
N/A
Vulnerability Type
N/A