This page lists publicly disclosed CVE vulnerabilities affecting pivotal_software cloudfoundry_uaa_release (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-15761 | Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. | [email protected] | 9.9 | 1.71% | 2018-11-19 | 2026-06-16 |
| CVE-2018-11082 | Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. | [email protected] | 6.6 | 1.10% | 2018-10-05 | 2026-06-16 |