Latest Pivotal software Vulnerabilities

CVE-2022-31683
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to...
Pivotal Software Concourse>=6.0.0<6.7.9
Pivotal Software Concourse>=7.0.0<7.8.3
CVE-2021-22112
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in...
Pivotal Software Spring Security<5.2.9
Pivotal Software Spring Security>=5.3.0<5.3.8
Vmware Spring Security>=5.4.0<5.4.4
Oracle Communications Element Manager>=8.2.0<=8.2.4.0
Oracle Communications Interactive Session Recorder=6.3
Oracle Communications Interactive Session Recorder=6.4
and 5 more
CVE-2020-5419
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitM...
Pivotal Software RabbitMQ<3.7.28
Vmware Rabbitmq>=3.8.0<3.8.7
CVE-2020-5415
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as...
Pivotal Software Concourse<6.3.1
Pivotal Software Concourse>=6.4.0<6.4.1
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deseria...
Pivotal Software Spring Batch>=4.0.0<=4.0.4
Pivotal Software Spring Batch>=4.1.0<=4.1.4
Pivotal Software Spring Batch>=4.2.0<=4.2.2
CVE-2020-5408
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the ...
Pivotal Software Spring Security>=5.2.0<5.2.4
Pivotal Software Spring Security>=5.3.0<5.3.2
Vmware Spring Security>=4.2.0<4.2.16
Vmware Spring Security>=5.0.0<5.0.16
Vmware Spring Security>=5.1.0<5.1.10
CVE-2020-5409
Pivotal Software Concourse<5.2.8
Pivotal Software Concourse>=5.3.0<5.5.10
Pivotal Software Concourse>=5.6.0<5.8.1
CVE-2020-5407
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider...
Pivotal Software Spring Security>=5.2.0<5.2.4
Pivotal Software Spring Security>=5.3.0<5.3.2
CVE-2020-5399
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL dat...
Cloudfoundry Credhub<2.5.10
Pivotal Software Cloud Foundry Cf-deployment<12.29.0
CVE-2019-11292
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameter...
Pivotal Software Operations Manager>=2.4.0<2.4.27
Pivotal Software Operations Manager>=2.5.0<2.5.24
Pivotal Software Operations Manager>=2.6.0<2.6.16
Pivotal Software Operations Manager>=2.7.0<2.7.5
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web managem...
redhat/rabbitmq-server<3.7.21
redhat/rabbitmq-server<3.8.1
Pivotal Software Rabbitmq>=1.16.0<1.16.7
Pivotal Software Rabbitmq>=1.17.0<1.17.4
Pivotal Software RabbitMQ>=3.7.0<3.7.21
Vmware Rabbitmq>=3.8.0<3.8.1
and 4 more
CVE-2019-11283
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for ...
Cloudfoundry Cf-deployment<12.2.0
Pivotal Software Cloud Foundry Smb Volume<2.0.3
CVE-2019-11282
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with ma...
Cloudfoundry Cf-deployment<12.2.0
Pivotal Software Cloud Foundry Uaa<74.3.0
CVE-2019-11281
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the v...
Pivotal Software RabbitMQ<3.7.18
Pivotal Software Rabbitmq>=1.15.0<1.15.13
Pivotal Software Rabbitmq>=1.16.0<1.16.6
Pivotal Software Rabbitmq>=1.17.0<1.17.3
Redhat Openstack=15
Redhat Openstack For Ibm Power=15
and 3 more
CVE-2019-11275
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior ...
Pivotal Apps Manager>=666.0.0<666.0.36
Pivotal Apps Manager>=667.0.0<667.0.22
Pivotal Apps Manager>=668.0.0<668.0.21
Pivotal Apps Manager>=669.0.0<669.0.13
Pivotal Apps Manager>=670.0.0<670.0.7
Pivotal Software Pivotal Application Service>=2.3.0<=2.3.18
and 3 more
CVE-2019-11280
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservi...
Pivotal Software Pivotal Application Service>=2.3.0<2.3.18
Pivotal Software Pivotal Application Service>=2.4.0<2.4.14
Pivotal Software Pivotal Application Service>=2.5.0<2.5.10
Pivotal Software Pivotal Application Service>=2.6.0<2.6.5
CVE-2019-11276
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplic...
Pivotal Software Application Service>=2.3.0<2.3.16
Pivotal Software Application Service>=2.4.0<2.4.12
Pivotal Software Application Service>=2.5.0<2.5.8
Pivotal Software Application Service>=2.6.0<2.6.3
CVE-2019-11270
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created vi...
Pivotal Software Application Service>=2.3.0<2.3.15
Pivotal Software Application Service>=2.4.0<2.4.11
Pivotal Software Application Service>=2.5.0<2.5.7
Pivotal Software Application Service>=2.6.0<2.6.2
Pivotal Software Cloud Foundry Uaa<73.4.0
Pivotal Software Operations Manager>=2.3.0<2.3.22
and 3 more
CVE-2019-11273
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remot...
Pivotal Software Pivotal Container Service>=1.3.0<1.3.7
Pivotal Software Pivotal Container Service>=1.4.0<1.4.1
CVE-2019-3794
Pivotal Software Cloud Foundry Uaa<73.4.0
CVE-2019-11268
Pivotal Software Cloud Foundry Uaa-release<73.3.0
CVE-2019-3787
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is ...
Pivotal Software Cloud Foundry Uaa-release<73.0.0
CVE-2019-11269
Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in ...
IBM GDE<=3.0.0.2
Pivotal Software Spring Security Oauth>=2.0.0<2.0.18
Pivotal Software Spring Security Oauth>=2.1.0<2.1.5
Pivotal Software Spring Security Oauth>=2.2.0<2.2.5
Pivotal Software Spring Security Oauth>=2.3.0<2.3.6
Oracle Banking Corporate Lending=14.1.0
and 6 more
CVE-2019-3790
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refre...
Pivotal Software Operations Manager>=2.2.0<2.2.23
Pivotal Software Operations Manager>=2.3.0<2.3.16
Pivotal Software Operations Manager>=2.4.0<2.4.11
Pivotal Software Operations Manager>=2.5.0<2.5.3
CVE-2019-3802
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatche...
Pivotal Software Spring Data Java Persistance Api>=1.11.0<=1.11.21
Pivotal Software Spring Data Java Persistance Api>=2.0.0<=2.0.14
Pivotal Software Spring Data Java Persistance Api>=2.1.0<=2.1.7
CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more resul...
Pivotal Software Spring Data Java Persistence Api>=1.11.0<=1.11.19
Pivotal Software Spring Data Java Persistence Api>=2.0.0<=2.0.13
Pivotal Software Spring Data Java Persistence Api>=2.1.0<=2.1.5
CVE-2019-3792
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse serve...
Pivotal Software Concourse<5.0.1
CVE-2019-3777
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs...
Pivotal Software Application Service>=2.2.0<2.2.12
Pivotal Software Application Service>=2.3.0<2.3.7
Pivotal Software Application Service>=2.4.0<2.4.3
CVE-2019-3776
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vul...
Pivotal Software Operations Manager>=2.1.0<2.1.20
Pivotal Software Operations Manager>=2.2.0<2.2.16
Pivotal Software Operations Manager>=2.3.0<2.3.10
Pivotal Software Operations Manager>=2.4.0<2.4.3
CVE-2019-3778
Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using ...
IBM GDE<=3.0.0.2
Pivotal Software Spring Security Oauth>=2.0.0<2.0.17
Pivotal Software Spring Security Oauth>=2.1.0<2.1.4
Pivotal Software Spring Security Oauth>=2.2.0<2.2.4
Pivotal Software Spring Security Oauth>=2.3.0<2.3.5
Oracle Banking Corporate Lending=14.1.0
and 2 more
CVE-2019-3774
Pivotal Spring Batch could allow a remote attacker to obtain sensitive information, caused by improper handling of XML External Entity (XXE). By persuading a victim to open a specially-crafted file, a...
IBM GDE<=3.0.0.2
Pivotal Software Spring Batch<=3.0.9
Pivotal Software Spring Batch>=4.0.0<=4.0.1
Pivotal Software Spring Batch=4.1.0
CVE-2019-3773
Spring Web Services XML External Entity Injection (XXE)
<=2.4.3
>=3.0.0<=3.0.4
>=8.0.6<=8.1.0
=12.0.0
=12.1.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.6<=8.1.0
and 2 more
CVE-2019-3803
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token ...
Pivotal Software Concourse<4.2.2
CVE-2018-15798
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth re...
go/github.com/concourse/concourse>=5.6.0<5.8.1
go/github.com/concourse/concourse>=5.3.0<5.5.10
go/github.com/concourse/concourse<5.2.8
Pivotal Software Concourse>=4.0.0<4.2.2
CVE-2018-15754
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same usern...
Pivotal Software Cloud Foundry Uaa-release>=60.0<66.0
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain informat...
Pivotal Software Rabbitmq
CVE-2018-15797
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote ...
Pivotal Software Cloud Foundry Nfs Volume>=1.2.0<1.2.5
Pivotal Software Cloud Foundry Nfs Volume>=1.5.0<1.5.4
Pivotal Software Cloud Foundry Nfs Volume>=1.7.0<1.7.3
CVE-2018-15759
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service ...
Pivotal Software Broker Api<3.0.2
Pivotal Software On Demand Services Sdk<0.24.0
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url...
Pivotal Software Cloud Foundry Uaa<4.23.0
Pivotal Software Cloudfoundry Uaa Release<64.0
maven/org.cloudfoundry.identity:cloudfoundry-identity-server<4.23.0
CVE-2018-15795
Pivotal Software Credhub Service Broker<1.1.0
CVE-2018-15796
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing the...
Pivotal Software Bits Service<2.14.0
CVE-2018-15762
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for ...
Pivotal Software Operations Manager>=2.0.0<2.0.24
Pivotal Software Operations Manager>=2.1.0<2.1.15
Pivotal Software Operations Manager>=2.2.0<2.2.7
Pivotal Software Operations Manager>=2.3.0<2.3.1
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalati...
redhat/spring-security-oauth<2.3.4
redhat/spring-security-oauth<2.2.3
redhat/spring-security-oauth<2.1.3
redhat/spring-security-oauth<2.0.16
maven/org.springframework.security.oauth:spring-security-oauth2>=2.3.0<2.3.4.RELEASE
maven/org.springframework.security.oauth:spring-security-oauth2>=2.2.0<2.2.3.RELEASE
and 7 more
CVE-2018-15763
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application log...
Pivotal Software Pivotal Container Service<1.2
CVE-2018-11082
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a...
Pivotal Software Cloudfoundry Uaa<4.20.0
Pivotal Software Cloudfoundry Uaa Release<61.0
CVE-2018-1264
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secre...
Pivotal Software Cloud Foundry Log Cache<1.1.1
CVE-2018-11081
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk,...
Pivotal Software Operations Manager>=1.11.0<1.12.25
Pivotal Software Operations Manager>=2.0.0<2.0.16
Pivotal Software Operations Manager>=2.1.0<2.1.11
Pivotal Software Operations Manager>=2.2.0<2.2.1
CVE-2018-1198
Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this...
Pivotal Software Pivotal Cloud Cache<1.3.1
CVE-2018-11088
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A spa...
Pivotal Software Pivotal Application Service>=2.0.0<2.0.21
Pivotal Software Pivotal Application Service>=2.1.0<2.1.13
Pivotal Software Pivotal Application Service>=2.2.0<2.2.5
CVE-2018-11086
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space deve...
Pivotal Software Pivotal Application Service>=2.0.0<2.0.21
Pivotal Software Pivotal Application Service>=2.1.0<2.1.13
Pivotal Software Pivotal Application Service>=2.2.0<2.2.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203