Org.cloudfoundry.identity:cloudfoundry-identity-server

This hub aggregates every CVE we track for Org.cloudfoundry.identity:cloudfoundry-identity-server, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH8MEDIUM6CRITICAL5LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Org.cloudfoundry.identity:cloudfoundry-identity-server.

CVE-2018-15761UAA Privilege Escalation9.9Nov 19, 2018
CVE-2018-11047Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints ...7.5Jul 24, 2018
CVE-2018-11041Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect ...6.1Jun 25, 2018
CVE-2018-1262Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone adminis...7.2May 15, 2018
CVE-2018-1192In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4....8.8Feb 1, 2018
CVE-2018-1190An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions ...6.1Jan 4, 2018
CVE-2017-8031An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some ...5.3Nov 27, 2017
CVE-2015-5171The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified ...9.8Oct 24, 2017
CVE-2015-5170Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attac...8.8Oct 24, 2017
CVE-2015-5172Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expir...9.8Oct 24, 2017
CVE-2017-8032In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and o...6.6Jul 10, 2017
CVE-2017-4992An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13,...9.8Jun 13, 2017
CVE-2017-4973An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, ...8.8Jun 13, 2017
CVE-2017-4974An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, ...6.5Jun 13, 2017
CVE-2017-4991An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12,...7.2Jun 13, 2017

Product normalization is registry-driven with AI assist and human review. How it works