Vulnerabilities (CVE)

Filtered by vendor Pivotal Software Subscribe
Total 145 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1273 3 Apache, Oracle, Pivotal Software 4 Ignite, Financial Services Crime And Compliance Management Studio, Spring Data Commons and 1 more 2024-07-16 7.5 HIGH 9.8 CRITICAL
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
CVE-2022-31683 1 Pivotal Software 1 Concourse 2024-02-05 N/A 5.4 MEDIUM
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
CVE-2021-22112 3 Oracle, Pivotal Software, Vmware 8 Communications Element Manager, Communications Interactive Session Recorder, Communications Unified Inventory Management and 5 more 2024-02-04 9.0 HIGH 8.8 HIGH
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
CVE-2020-5407 1 Pivotal Software 1 Spring Security 2024-02-04 6.5 MEDIUM 8.8 HIGH
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
CVE-2020-5419 2 Pivotal Software, Vmware 2 Rabbitmq, Rabbitmq 2024-02-04 4.6 MEDIUM 6.7 MEDIUM
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
CVE-2020-5411 1 Pivotal Software 1 Spring Batch 2024-02-04 6.8 MEDIUM 8.1 HIGH
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.
CVE-2020-5408 2 Pivotal Software, Vmware 2 Spring Security, Spring Security 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
CVE-2020-5409 1 Pivotal Software 1 Concourse 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)
CVE-2020-5415 1 Pivotal Software 1 Concourse 2024-02-04 6.4 MEDIUM 10.0 CRITICAL
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
CVE-2019-11282 2 Cloudfoundry, Pivotal Software 2 Cf-deployment, Cloud Foundry Uaa 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
CVE-2013-6430 1 Pivotal Software 1 Spring Framework 2024-02-04 3.5 LOW 5.4 MEDIUM
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
CVE-2019-11292 1 Pivotal Software 1 Operations Manager 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
CVE-2019-11275 2 Pivotal, Pivotal Software 2 Apps Manager, Pivotal Application Service 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege.
CVE-2020-5399 2 Cloudfoundry, Pivotal Software 2 Credhub, Cloud Foundry Cf-deployment 2024-02-04 5.8 MEDIUM 7.4 HIGH
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
CVE-2019-11281 1 Pivotal Software 1 Rabbitmq 2024-02-04 3.5 LOW 4.8 MEDIUM
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
CVE-2019-11280 1 Pivotal Software 1 Pivotal Application Service 2024-02-04 6.5 MEDIUM 8.8 HIGH
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
CVE-2019-11287 5 Debian, Fedoraproject, Pivotal Software and 2 more 5 Debian Linux, Fedora, Rabbitmq and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVE-2019-11283 2 Cloudfoundry, Pivotal Software 2 Cf-deployment, Cloud Foundry Smb Volume 2024-02-04 4.0 MEDIUM 8.8 HIGH
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
CVE-2019-3787 1 Pivotal Software 1 Cloud Foundry Uaa-release 2024-02-04 4.3 MEDIUM 8.8 HIGH
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.
CVE-2019-11269 2 Oracle, Pivotal Software 2 Banking Corporate Lending, Spring Security Oauth 2024-02-04 5.8 MEDIUM 5.4 MEDIUM
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.