All 9 CVE vulnerabilities found in UAA Release (OSS), with AI-generated Chinese analysis, references, and POCs.
Vendor: Cloud Foundry
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | CWE-77 | 8.8 | - | 2019-09-26 |
| CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | CWE-77 | 8.8 | - | 2019-09-26 |
| CVE-2019-11274 | UAA SCIM Filter XSS | CWE-79 | 6.1 | - | 2019-08-09 |
| CVE-2019-11270 | UAA clients.write vulnerability | CWE-269 | 7.5 | - | 2019-08-05 |
| CVE-2019-3794 | UAA - Login app subject to clickjacking attack | CWE-284 | 6.1 | - | 2019-07-18 |
| CVE-2019-11268 | UAA SQL Identity Zone Vulnerability | CWE-200 | 6.5 | - | 2019-07-11 |
| CVE-2019-3787 | UAA defaults email address to an insecure domain | CWE-840 | 9.8 | - | 2019-06-19 |
| CVE-2019-3788 | UAA redirect-uri allows wildcard in the subdomain | CWE-601 | 6.1 | - | 2019-04-25 |
| CVE-2019-3775 | UAA allows users to modify their own email address | CWE-290 | 8.1 | - | 2019-03-07 |