Cloudfoundry - Uaa Release CVE

Filtered by vendor Cloudfoundry Subscribe

Filtered by product Uaa Release

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-3801	1 Cloudfoundry	3 Cf-deployment, Credhub, Uaa Release	2021-10-29	5.0 MEDIUM	9.8 CRITICAL
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

Vulnerabilities (CVE)