📦

uaa_release

Vendor: cloudfoundry

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 6 Total Indexed

Avg. EPSS 0.26% Exploit Prob.

Latest CVE CVE-2025-22246 May 13

Security Vulnerability Index

Page 1 / 1

3.0 CVSS

CVE-2025-22246

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

EPSS: 0.19%

Severity: LOW

May 13, 2025

8.8 CVSS

CVE-2019-11279

RCE

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.

EPSS: 0.39%

Severity: HIGH

Sep 26, 2019

9.8 CVSS

CVE-2019-3801

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

EPSS: 0.07%

Severity: CRITICAL

Apr 25, 2019

8.7 CVSS

CVE-2019-3788

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.

EPSS: 0.50%

Severity: HIGH

Apr 25, 2019

7.1 CVSS

CVE-2019-3775

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

EPSS: 0.13%

Severity: HIGH

Mar 07, 2019

Displaying 5 of 6 Total Entries

Total 1 Sections