CVE-2019-3794: UAA - Login app subject to clickjacking attack
First published: Thu Jul 18 2019(Updated: )
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pivotal Software Cloud Foundry Uaa | <73.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cloud Foundry UAA vulnerability?
The vulnerability ID for this Cloud Foundry UAA vulnerability is CVE-2019-3794.
What is the severity level of CVE-2019-3794?
The severity level of CVE-2019-3794 is medium (5.4).
What is the description of CVE-2019-3794?
CVE-2019-3794 is a vulnerability in Cloud Foundry UAA that allows remote users to perform clickjacking attacks on UAA's frontend sites.
Which version of Cloud Foundry UAA is affected by CVE-2019-3794?
Versions of Cloud Foundry UAA prior to v73.4.0 are affected by CVE-2019-3794.
Is there a fix available for CVE-2019-3794?
Yes, updating Cloud Foundry UAA to version 73.4.0 or later will fix the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/softwarecombine
- agent/type
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/pivotal software
- canonical/pivotal software cloud foundry uaa