Pivotal Application Service
cpe:2.3:a:pivotal:pivotal_application_service:*:*:*:*:*:*:*:*
part: a, version: *, update: *
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Product | Pivotal Application Service (37580286-8725-5862-9d99-e935ce9da0ec) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2019-3788 | vulnerable | 2026-06-03 14:40:27.466869 | UAA redirect-uri allows wildcard in the subdomain. HIGH (8.7). Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. Published: 2019-04-25T20:17:37.233Z. Updated: 2024-09-16T22:02:12.371Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-3777 | vulnerable | 2026-06-03 14:40:27.446854 | Apps Manager unverified SSL certs in Cloud Controller proxy. HIGH (8). Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller. Published: 2019-03-07T19:00:00.000Z. Updated: 2024-09-16T21:56:55.392Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-1278 | vulnerable | 2026-06-03 14:38:30.774144 | Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org. Published: 2018-05-11T20:00:00.000Z. Updated: 2024-09-16T23:42:24.325Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-11044 | vulnerable | 2026-06-03 14:38:00.743334 | Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email. Published: 2018-07-24T19:00:00.000Z. Updated: 2024-09-16T21:02:31.767Z. | Imported from gcve-enriched-dumps CVE data |