All 5 CVE vulnerabilities found in UAA Release, with AI-generated Chinese analysis, references, and POCs.
Vendor: Cloud Foundry
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-11293 | UAA logs all query parameters with debug logging level CWE-532 | 6.5 | - | 2019-12-06 |
| CVE-2019-11290 | Cloud Foundry UAA logs query parameters in tomcat access file CWE-532 | 7.5 | - | 2019-11-25 |
| CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure CWE-200 | 4.3 | - | 2019-10-23 |
| CVE-2018-15754 | UAA can issue tokens across identity providers if users with matching usernames exist | 8.1 | - | 2018-12-13 |
| CVE-2018-11082 | Cloud Foundry UAA MFA does not prevent brute force of MFA code | 7.5 | - | 2018-10-05 |
All 5 known CVE vulnerabilities affecting UAA Release with full Chinese analysis, references, and POCs where available.