Pivotal Software

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-9877 2Broadcom Pivotal Software 2Rabbitmq Rabbitmq Server May 6, 2026 Dec 29, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authenti...Show more An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.Show less
CVE-2016-6659 2Cloudfoundry Pivotal Software 3Cloud Foundry Cloud Foundry UaaCloud Foundry Uaa Bosh May 6, 2026 Dec 23, 2016 N/A· v4 8.1 HIGH· v3 2.6 LOW· v2 Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to g...Show more Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.Show less
CVE-2016-6657 1Pivotal Software 2Cloud Foundry Elastic Runtime Cloud Foundry Ops Manager May 6, 2026 Dec 16, 2016 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to...Show more An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.Show less
CVE-2016-6656 1Pivotal Software 1Greenplum May 6, 2026 Dec 16, 2016 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vul...Show more An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table.Show less
CVE-2015-8786 2Oracle Pivotal Software 2Rabbitmq Solaris May 6, 2026 Dec 9, 2016 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.
CVE-2016-6653 1Pivotal Software 1Cloud Foundry Cf Mysql May 6, 2026 Oct 6, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
CVE-2016-6652 1Pivotal Software 1Spring Data Jpa May 6, 2026 Oct 5, 2016 N/A· v4 5.6 MEDIUM· v3 6.8 MEDIUM· v2 SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attacke...Show more SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.Show less
CVE-2016-6651 2Cloudfoundry Pivotal Software 5Cloud Foundry Cloud Foundry Elastic RuntimeCloud Foundry Ops Manager+2 more May 6, 2026 Sep 30, 2016 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x...Show more The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.Show less
CVE-2016-6637 2Cloudfoundry Pivotal Software 5Cloud Foundry Cloud Foundry Elastic RuntimeCloud Foundry Ops Manager+2 more May 6, 2026 Sep 30, 2016 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.Show less
CVE-2016-6636 2Cloudfoundry Pivotal Software 5Cloud Foundry Cloud Foundry Elastic RuntimeCloud Foundry Ops Manager+2 more May 6, 2026 Sep 30, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6....Show more The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.Show less
CVE-2016-0929 1Pivotal Software 1Rabbitmq May 6, 2026 Sep 18, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by read...Show more The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.Show less
CVE-2016-0927 1Pivotal Software 1Cloud Foundry Elastic Runtime May 6, 2026 Sep 18, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-0926 1Pivotal Software 1Cloud Foundry Elastic Runtime May 6, 2026 Sep 18, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified...Show more Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.Show less
CVE-2016-0897 1Pivotal Software 1Operations Manager May 6, 2026 Sep 18, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.
CVE-2016-0896 1Pivotal Software 1Cloud Foundry Elastic Runtime May 6, 2026 Sep 18, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivi...Show more Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.Show less
CVE-2016-0883 1Pivotal Software 1Operations Manager May 6, 2026 Sep 18, 2016 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication b...Show more Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.Show less
CVE-2015-3192 3Fedoraproject Pivotal SoftwareVmware 3Fedora Spring FrameworkSpring Framework May 6, 2026 Jul 12, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumptio...Show more Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.Show less
CVE-2015-0201 2Pivotal Software Vmware 2Spring Framework Spring Framework May 6, 2026 Mar 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
CVE-2014-3578 1Pivotal Software 1Spring Framework May 6, 2026 Feb 19, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2014-9494 1Pivotal Software 1Rabbitmq May 6, 2026 Jan 20, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Previous 1...4 5 678 Next