Cf-deployment CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-14390	1 Pivotal Software	1 Cf-deployment	2025-04-20	N/A
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
CVE-2019-11283	2 Cloudfoundry, Pivotal Software	2 Cf-deployment, Cloud Foundry Smb Volume	2024-11-21	8.8 High
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
CVE-2019-11282	2 Cloudfoundry, Pivotal Software	2 Cf-deployment, Cloud Foundry Uaa	2024-11-21	4.3 Medium
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
CVE-2018-1265	2 Cloudfoundry, Pivotal Software	2 Cf-deployment, Cloud Foundry Diego	2024-11-21	N/A
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.
CVE-2018-1262	2 Cloudfoundry, Pivotal Software	3 Cf-deployment, Cloud Foundry Uaa, Cloud Foundry Uaa-release	2024-11-21	N/A
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

Page 1 of 1.