Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the ?clients.write? authority or scope can bypass the restrictions imposed on clients created via ?clients.write? and create clients with arbitrary scopes that he does not possess.
View Full Alert
Related Posts
CVE-2019-3787 (cloud_foundry_uaa-release)Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an…
CVE-2014-1983 (remote_service_manager)Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors. View Full Alert
CVE-2014-1984 (remote_service_manager)Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. View Full…