✅ Check your version
All known vulnerabilities
CRITICAL 9.8 | CVE-2017-4992 | Cloud Foundry UAA privilege escalation with user invitations | >= 2.0.0, < 2.7.4.17
CRITICAL 9.8 | CVE-2015-5172 | Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password | from 0, < 2.5.2
CRITICAL 9.8 | CVE-2015-5171 | Cloud Foundry Runtime Insufficient Session Expiration vulnerability | from 0, < 2.5.2
CRITICAL 9.6 | CVE-2016-6637 | Cloud Foundry vulnerable to Cross-Site Request Forgery | >= 2.0.0, < 2.7.4.7
HIGH 8.8 | CVE-2018-1192 | Cloud Foundry UAA SessionID present in Audit Event Logs | from 0, < 4.5.5
from 0, < 4.23.0
>= 2.0.0, < 2.7.4.14
HIGH 8.8 | CVE-2015-5170 | Cloud Foundry Runtime Cross-Site Request Forgery vulnerability | from 0, < 2.5.2
HIGH 8.1 | CVE-2016-3084 | Cloud Foundry UAA reset password vulnerable to brute force attack | from 0, < 3.3.0.1
HIGH 7.5 | CVE-2018-11047 | Cloud Foundry UAA accepts refresh token as access token on admin endpoints | from 0, < 4.5.7
HIGH 7.5 | CVE-2017-4960 | Cloud Foundry denial of service vulnerability | >= 3.10.0, < 3.12.0
HIGH 7.2 | CVE-2017-4991 | Cloud Foundry UAA password reset vulnerability | >= 2.0.0, < 2.7.4.16
HIGH 7.2 | CVE-2018-1262 | UAA privilege escalation across identity zones | >= 4.12.0, < 4.12.2
MEDIUM 6.6 | CVE-2017-8032 | Cloud Foundry UAA Identity Zone Admin Privilege Escalation | from 0, < 3.6.13
MEDIUM 6.5 | CVE-2026-22723 | Cloudfoundry UAA has logic error in the token revocation endpoint implementation | >= 77.30.0, < 78.8.0
MEDIUM 6.5 | CVE-2017-4974 | Blind SQL Injection with privileged Cloud Foundry UAA endpoints | >= 2.0.0, < 2.7.4.15
from 0, < 4.7.5
MEDIUM 6.1 | CVE-2018-1190 | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | >= 3.0.0, < 3.20.2
MEDIUM 5.9 | CVE-2016-5016 | Cloud Foundry vulnerable to Improper Certificate Validation | >= 3.0.0, < 3.3.0.3
MEDIUM 5.3 | CVE-2017-8031 | Cloud Foundry UAA Denial of Service through client token revocation endpoint | >= 4.6.0, < 4.7.1
LOW 3.7 | CVE-2015-3189 | Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password | from 0, < 2.2.5