CVE-2019-11282

UAA is vulnerable to a Blind SCIM injection leading to information disclosure

CVSS 4.3 MEDIUMEPSS 1.1%CWE-200

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Cloud Foundry · CF Deployment Cloud Foundry · UAA Release

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cloudfoundry.org/blog/cve-2019-11282