Free Trial

Multiple issues in Cloud Foundry Products

buy Clomiphene at walgreens Overview :
UAA logs all query parameters with debug logging level
Akwatia Affected Product(s) :
  • CF Deployment
    • All versions prior to v12.12.0
  • UAA Release
    • All versions prior to v74.10.0
Vulnerability Details :
CVE ID : CVE-2019-11293
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query param. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

Remediation / Fixes :

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • CF Deployment
    • Upgrade All versions to v12.12.0 or greater
  • UAA Release
    • Upgrade All versions to v74.10.0 or greater

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows

Learn more
CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more

Learn more
CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the

Learn more