VYPR
Vendor: Pivot

Products: 2
CVEs: 36
Across products: 37
Status: Private

Recent CVEs

  • CVE-2016-0930 Cri Sep 18, 2016
    risk 0.64 cvss 9.8 epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs…

  • CVE-2016-0897 Cri Sep 18, 2016
    risk 0.64 cvss 9.8 epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.

  • CVE-2016-0883 Cri Sep 18, 2016
    risk 0.64 cvss 9.8 epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another…

  • CVE-2018-15763 Cri Oct 5, 2018
    risk 0.59 cvss 9.0 epss 0.01

    Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these…

  • CVE-2018-1198 Hig Sep 17, 2018
    risk 0.57 cvss 8.8 epss 0.01

    Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.

  • CVE-2018-11088 Hig Sep 17, 2018
    risk 0.57 cvss 8.8 epss 0.01

    Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact…

  • CVE-2018-11086 Hig Sep 17, 2018
    risk 0.57 cvss 8.8 epss 0.01

    Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which…

  • CVE-2015-3191 Hig May 25, 2017
    risk 0.57 cvss 8.8 epss 0.00

    With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user…

  • CVE-2016-4468 Hig Apr 11, 2017
    risk 0.57 cvss 8.8 epss 0.02

    SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows…

  • CVE-2018-1280 Hig May 11, 2018
    risk 0.49 cvss 7.5 epss 0.02

    Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.

  • CVE-2016-6653 Hig Oct 6, 2016
    risk 0.49 cvss 7.5 epss 0.01

    The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.

  • CVE-2016-0929 Hig Sep 18, 2016
    risk 0.49 cvss 7.5 epss 0.01

    The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that…

  • CVE-2016-6657 Hig Dec 16, 2016
    risk 0.48 cvss 7.4 epss 0.01

    An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to…

  • CVE-2018-11044 Med Jul 24, 2018
    risk 0.42 cvss 6.5 epss 0.01

    Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user…

  • CVE-2018-1278 Med May 11, 2018
    risk 0.42 cvss 6.5 epss 0.01

    Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be…

  • CVE-2018-1200 Med Mar 16, 2018
    risk 0.42 cvss 6.5 epss 0.01

    Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.

  • CVE-2016-0781 Med May 25, 2017
    risk 0.40 cvss 6.1 epss 0.01

    The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java…

  • CVE-2015-3190 Med May 25, 2017
    risk 0.40 cvss 6.1 epss 0.01

    With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect…

  • CVE-2016-0927 Med Sep 18, 2016
    risk 0.40 cvss 6.1 epss 0.01

    Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2023-0342 Jun 9, 2023
    risk 0.05 cvss epss 0.01

    MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12