📦

credhub

Vendor: cloudfoundry

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.14% Exploit Prob.

Latest CVE CVE-2020-5399 Feb 12

Security Vulnerability Index

Page 1 / 1

7.4 CVSS

CVE-2020-5399

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

EPSS: 0.20%

Severity: HIGH

Feb 12, 2020

9.8 CVSS

CVE-2019-3801

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

EPSS: 0.07%

Severity: CRITICAL

Apr 25, 2019

Displaying 2 of 2 Total Entries

Total 1 Sections