Cloud foundry uaa

This hub aggregates every CVE we track for Cloud foundry uaa, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Cloud foundry uaa.

• CVE-2025-22216CVE-2025-22216 UAA Missing Zone Validation5.4Jan 31, 2025
• CVE-2019-11282UAA is vulnerable to a Blind SCIM injection leading to information disclosure4.3Oct 23, 2019
• CVE-2019-11270UAA clients.write vulnerability7.5Aug 5, 2019
• CVE-2019-3794UAA - Login app subject to clickjacking attack5.4Jul 18, 2019
• CVE-2018-15761UAA Privilege Escalation9.9Nov 19, 2018
• CVE-2018-11047Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints ...7.5Jul 24, 2018
• CVE-2018-11041Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect ...6.1Jun 25, 2018
• CVE-2018-1262Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone adminis...7.2May 15, 2018
• CVE-2018-1192In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4....8.8Feb 1, 2018
• CVE-2015-5173Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails w...8.8Oct 24, 2017
• CVE-2015-5171The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified ...9.8Oct 24, 2017
• CVE-2015-5170Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attac...8.8Oct 24, 2017
• CVE-2015-5172Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expir...9.8Oct 24, 2017
• CVE-2017-8032In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and o...6.6Jul 10, 2017
• CVE-2017-4992An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13,...9.8Jun 13, 2017