Pivotal Software Login-server

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*

part: a version: - update: *

VendorPivotal Software (a7eef617-cad9-5400-bbf0-2e56b16d90a7)
ProductLogin Server (8637d193-1fdd-5a8e-9931-0906dfff1a84)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2016-3084 vulnerable 2026-06-03 14:35:45.037078 Details available
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
Published: 2017-05-25T17:00:00.000Z
Updated: 2024-08-05T23:40:15.665Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0781 vulnerable 2026-06-03 14:35:22.301307 Details available
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
Published: 2017-05-25T17:00:00.000Z
Updated: 2024-08-05T22:30:04.905Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.