VYPR

Single Sign On For Pivotal Cloud Foundry

by VMware

CVEs (3)

  • CVE-2017-8040MedSep 9, 2017
    risk 0.42cvss 6.5epss 0.01

    In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to…

  • CVE-2017-8044MedNov 27, 2017
    risk 0.40cvss 6.1epss 0.01

    In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

  • CVE-2017-8041MedSep 9, 2017
    risk 0.40cvss 6.1epss 0.01

    In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.