cpe:2.3:a:cloud_foundry:uaa:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cloud Foundry (bbc462c7-a964-5178-97e1-18033ab4dbd3) |
|---|---|
| Product | Uaa (58987e13-8f8e-5e8d-be54-495f536b67a0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-22246 | vulnerable | 2026-06-03 14:59:39.379668 | CVE-2025-22246 – UAA Private Key Exposure<br>LOW (3)<br>Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.<br>Published: 2025-05-13T05:14:40.968Z<br>Updated: 2025-05-13T13:49:09.193Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5402 | vulnerable | 2026-06-03 14:42:56.390069 | UAA fails to check the state parameter when authenticating with external IDPs<br>HIGH (8.8)<br>In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.<br>Published: 2020-02-27T19:30:24.167Z<br>Updated: 2024-09-16T17:03:33.297Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-15761 | vulnerable | 2026-06-03 14:38:19.388472 | UAA Privilege Escalation<br>CRITICAL (9.9)<br>Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.<br>Published: 2018-11-19T14:00:00.000Z<br>Updated: 2024-09-17T00:46:20.654Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-11082 | vulnerable | 2026-06-03 14:38:00.879627 | Cloud Foundry UAA MFA does not prevent brute force of MFA code<br>MEDIUM (6.6)<br>Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.<br>Published: 2018-10-05T21:00:00.000Z<br>Updated: 2024-09-17T02:00:59.932Z | Imported from gcve-enriched-dumps CVE data |