CVE-2019-3787 (cloud_foundry_uaa-release)

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user’s email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user’s account.

View Full Alert

Related Posts

  • Move Your Data Center to the Cloud

    This was a very popular CIO Group Virtual Roundtable from last year. It has received well over 10,000 views. I love the quality of Garry’s research and passion he has…

  • Conversion to the Cloud Enables Client to See Light of Day

    RedZone Technologies successfully converted the email Exchange server of a one-thousand employee company to the cloud, eliminating the company’s old Exchange server located on site. The conversion and email migration…

  • CVE-2019-9673 (freenet)

    Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.