pivotal software

Top products

The 15 most recently published vulnerabilities affecting pivotal software.

• CVE-2022-31683Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check...5.4Dec 19, 2022
• CVE-2021-22112Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once...8.8Feb 23, 2021
• CVE-2020-5419RabbitMQ arbitrary code execution using local binary planting6.7Aug 31, 2020
• CVE-2020-5415Concourse's GitLab auth allows impersonation10.0Aug 12, 2020
• CVE-2020-5411Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets"8.1Jun 11, 2020
• CVE-2020-5408Dictionary attack with Spring Security queryable text encryptor6.5May 14, 2020
• CVE-2020-5409Concourse Open Redirect in the /sky/login endpoint6.1May 13, 2020
• CVE-2020-5407Signature Wrapping Vulnerability with spring-security-saml2-service-provider8.8May 13, 2020
• CVE-2020-5399CredHub does not properly enable TLS for MySQL database connections7.4Feb 12, 2020
• CVE-2013-6430The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attacker...5.4Jan 10, 2020
• CVE-2019-11292Pivotal Ops Manager logs query parameters in tomcat access file6.5Jan 8, 2020
• CVE-2019-11287RabbitMQ Web Management Plugin DoS via heap overflow7.5Nov 22, 2019
• CVE-2019-11283Password leak in smbdriver logs8.8Oct 23, 2019
• CVE-2019-11282UAA is vulnerable to a Blind SCIM injection leading to information disclosure4.3Oct 23, 2019
• CVE-2019-11281RabbitMQ XSS attack4.8Oct 16, 2019