CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11279

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.5%

CVSS Severity

CVSS v3 Score 8.7

CVSS v2 Score 6.5

References

Products affected by CVE-2019-11279

Cloudfoundry » Uaa Release » Version: 10.0

cpe:2.3:a:cloudfoundry:uaa_release:10.0
Cloudfoundry » Uaa Release » Version: 11.0

cpe:2.3:a:cloudfoundry:uaa_release:11.0
Cloudfoundry » Uaa Release » Version: 11.1

cpe:2.3:a:cloudfoundry:uaa_release:11.1
Cloudfoundry » Uaa Release » Version: 11.2

cpe:2.3:a:cloudfoundry:uaa_release:11.2
Cloudfoundry » Uaa Release » Version: 11.3

cpe:2.3:a:cloudfoundry:uaa_release:11.3
Cloudfoundry » Uaa Release » Version: 11.4

cpe:2.3:a:cloudfoundry:uaa_release:11.4
Cloudfoundry » Uaa Release » Version: 11.5

cpe:2.3:a:cloudfoundry:uaa_release:11.5
Cloudfoundry » Uaa Release » Version: 11.7

cpe:2.3:a:cloudfoundry:uaa_release:11.7
Cloudfoundry » Uaa Release » Version: 12.0

cpe:2.3:a:cloudfoundry:uaa_release:12.0
Cloudfoundry » Uaa Release » Version: 12.1

cpe:2.3:a:cloudfoundry:uaa_release:12.1
Cloudfoundry » Uaa Release » Version: 12.2

cpe:2.3:a:cloudfoundry:uaa_release:12.2
Cloudfoundry » Uaa Release » Version: 12.3

cpe:2.3:a:cloudfoundry:uaa_release:12.3
Cloudfoundry » Uaa Release » Version: 12.4

cpe:2.3:a:cloudfoundry:uaa_release:12.4
Cloudfoundry » Uaa Release » Version: 12.5

cpe:2.3:a:cloudfoundry:uaa_release:12.5
Cloudfoundry » Uaa Release » Version: 12.6

cpe:2.3:a:cloudfoundry:uaa_release:12.6
Cloudfoundry » Uaa Release » Version: 13.0

cpe:2.3:a:cloudfoundry:uaa_release:13.0
Cloudfoundry » Uaa Release » Version: 13.1

cpe:2.3:a:cloudfoundry:uaa_release:13.1
Cloudfoundry » Uaa Release » Version: 13.10

cpe:2.3:a:cloudfoundry:uaa_release:13.10
Cloudfoundry » Uaa Release » Version: 13.11

cpe:2.3:a:cloudfoundry:uaa_release:13.11
Cloudfoundry » Uaa Release » Version: 13.12

cpe:2.3:a:cloudfoundry:uaa_release:13.12
Cloudfoundry » Uaa Release » Version: 13.13

cpe:2.3:a:cloudfoundry:uaa_release:13.13
Cloudfoundry » Uaa Release » Version: 13.14

cpe:2.3:a:cloudfoundry:uaa_release:13.14
Cloudfoundry » Uaa Release » Version: 13.15

cpe:2.3:a:cloudfoundry:uaa_release:13.15
Cloudfoundry » Uaa Release » Version: 13.16

cpe:2.3:a:cloudfoundry:uaa_release:13.16
Cloudfoundry » Uaa Release » Version: 13.17

cpe:2.3:a:cloudfoundry:uaa_release:13.17
Cloudfoundry » Uaa Release » Version: 13.18

cpe:2.3:a:cloudfoundry:uaa_release:13.18
Cloudfoundry » Uaa Release » Version: 13.2

cpe:2.3:a:cloudfoundry:uaa_release:13.2
Cloudfoundry » Uaa Release » Version: 13.3

cpe:2.3:a:cloudfoundry:uaa_release:13.3
Cloudfoundry » Uaa Release » Version: 13.4

cpe:2.3:a:cloudfoundry:uaa_release:13.4
Cloudfoundry » Uaa Release » Version: 13.5

cpe:2.3:a:cloudfoundry:uaa_release:13.5
Cloudfoundry » Uaa Release » Version: 13.6

cpe:2.3:a:cloudfoundry:uaa_release:13.6
Cloudfoundry » Uaa Release » Version: 13.7

cpe:2.3:a:cloudfoundry:uaa_release:13.7
Cloudfoundry » Uaa Release » Version: 13.8

cpe:2.3:a:cloudfoundry:uaa_release:13.8
Cloudfoundry » Uaa Release » Version: 13.9

cpe:2.3:a:cloudfoundry:uaa_release:13.9
Cloudfoundry » Uaa Release » Version: 14.0

cpe:2.3:a:cloudfoundry:uaa_release:14.0
Cloudfoundry » Uaa Release » Version: 15.0

cpe:2.3:a:cloudfoundry:uaa_release:15.0
Cloudfoundry » Uaa Release » Version: 16.0

cpe:2.3:a:cloudfoundry:uaa_release:16.0
Cloudfoundry » Uaa Release » Version: 17.0

cpe:2.3:a:cloudfoundry:uaa_release:17.0
Cloudfoundry » Uaa Release » Version: 18.0

cpe:2.3:a:cloudfoundry:uaa_release:18.0
Cloudfoundry » Uaa Release » Version: 19.0

cpe:2.3:a:cloudfoundry:uaa_release:19.0
Cloudfoundry » Uaa Release » Version: 2.0

cpe:2.3:a:cloudfoundry:uaa_release:2.0
Cloudfoundry » Uaa Release » Version: 20.0

cpe:2.3:a:cloudfoundry:uaa_release:20.0
Cloudfoundry » Uaa Release » Version: 21.0

cpe:2.3:a:cloudfoundry:uaa_release:21.0
Cloudfoundry » Uaa Release » Version: 22.0

cpe:2.3:a:cloudfoundry:uaa_release:22.0
Cloudfoundry » Uaa Release » Version: 23.0

cpe:2.3:a:cloudfoundry:uaa_release:23.0
Cloudfoundry » Uaa Release » Version: 24.0

cpe:2.3:a:cloudfoundry:uaa_release:24.0
Cloudfoundry » Uaa Release » Version: 24.1

cpe:2.3:a:cloudfoundry:uaa_release:24.1
Cloudfoundry » Uaa Release » Version: 24.10

cpe:2.3:a:cloudfoundry:uaa_release:24.10
Cloudfoundry » Uaa Release » Version: 24.11

cpe:2.3:a:cloudfoundry:uaa_release:24.11
Cloudfoundry » Uaa Release » Version: 24.12

cpe:2.3:a:cloudfoundry:uaa_release:24.12
Cloudfoundry » Uaa Release » Version: 24.13

cpe:2.3:a:cloudfoundry:uaa_release:24.13
Cloudfoundry » Uaa Release » Version: 24.14

cpe:2.3:a:cloudfoundry:uaa_release:24.14
Cloudfoundry » Uaa Release » Version: 24.2

cpe:2.3:a:cloudfoundry:uaa_release:24.2
Cloudfoundry » Uaa Release » Version: 24.3

cpe:2.3:a:cloudfoundry:uaa_release:24.3
Cloudfoundry » Uaa Release » Version: 24.4

cpe:2.3:a:cloudfoundry:uaa_release:24.4
Cloudfoundry » Uaa Release » Version: 24.5

cpe:2.3:a:cloudfoundry:uaa_release:24.5
Cloudfoundry » Uaa Release » Version: 24.6

cpe:2.3:a:cloudfoundry:uaa_release:24.6
Cloudfoundry » Uaa Release » Version: 24.7

cpe:2.3:a:cloudfoundry:uaa_release:24.7
Cloudfoundry » Uaa Release » Version: 24.8

cpe:2.3:a:cloudfoundry:uaa_release:24.8
Cloudfoundry » Uaa Release » Version: 24.9

cpe:2.3:a:cloudfoundry:uaa_release:24.9
Cloudfoundry » Uaa Release » Version: 25.0

cpe:2.3:a:cloudfoundry:uaa_release:25.0
Cloudfoundry » Uaa Release » Version: 26.0

cpe:2.3:a:cloudfoundry:uaa_release:26.0
Cloudfoundry » Uaa Release » Version: 27.0

cpe:2.3:a:cloudfoundry:uaa_release:27.0
Cloudfoundry » Uaa Release » Version: 28.0

cpe:2.3:a:cloudfoundry:uaa_release:28.0
Cloudfoundry » Uaa Release » Version: 29.0

cpe:2.3:a:cloudfoundry:uaa_release:29.0
Cloudfoundry » Uaa Release » Version: 3.0

cpe:2.3:a:cloudfoundry:uaa_release:3.0
Cloudfoundry » Uaa Release » Version: 30.0

cpe:2.3:a:cloudfoundry:uaa_release:30.0
Cloudfoundry » Uaa Release » Version: 30.1

cpe:2.3:a:cloudfoundry:uaa_release:30.1
Cloudfoundry » Uaa Release » Version: 30.2

cpe:2.3:a:cloudfoundry:uaa_release:30.2
Cloudfoundry » Uaa Release » Version: 30.3

cpe:2.3:a:cloudfoundry:uaa_release:30.3
Cloudfoundry » Uaa Release » Version: 30.4

cpe:2.3:a:cloudfoundry:uaa_release:30.4
Cloudfoundry » Uaa Release » Version: 30.5

cpe:2.3:a:cloudfoundry:uaa_release:30.5
Cloudfoundry » Uaa Release » Version: 30.6

cpe:2.3:a:cloudfoundry:uaa_release:30.6
Cloudfoundry » Uaa Release » Version: 30.7

cpe:2.3:a:cloudfoundry:uaa_release:30.7
Cloudfoundry » Uaa Release » Version: 30.8

cpe:2.3:a:cloudfoundry:uaa_release:30.8
Cloudfoundry » Uaa Release » Version: 30.9

cpe:2.3:a:cloudfoundry:uaa_release:30.9
Cloudfoundry » Uaa Release » Version: 31.0

cpe:2.3:a:cloudfoundry:uaa_release:31.0
Cloudfoundry » Uaa Release » Version: 32.0

cpe:2.3:a:cloudfoundry:uaa_release:32.0
Cloudfoundry » Uaa Release » Version: 33.0

cpe:2.3:a:cloudfoundry:uaa_release:33.0
Cloudfoundry » Uaa Release » Version: 34.0

cpe:2.3:a:cloudfoundry:uaa_release:34.0
Cloudfoundry » Uaa Release » Version: 34.1

cpe:2.3:a:cloudfoundry:uaa_release:34.1
Cloudfoundry » Uaa Release » Version: 34.2

cpe:2.3:a:cloudfoundry:uaa_release:34.2
Cloudfoundry » Uaa Release » Version: 34.3

cpe:2.3:a:cloudfoundry:uaa_release:34.3
Cloudfoundry » Uaa Release » Version: 35.0

cpe:2.3:a:cloudfoundry:uaa_release:35.0
Cloudfoundry » Uaa Release » Version: 36.0

cpe:2.3:a:cloudfoundry:uaa_release:36.0
Cloudfoundry » Uaa Release » Version: 37.0

cpe:2.3:a:cloudfoundry:uaa_release:37.0
Cloudfoundry » Uaa Release » Version: 38.0

cpe:2.3:a:cloudfoundry:uaa_release:38.0
Cloudfoundry » Uaa Release » Version: 39.0

cpe:2.3:a:cloudfoundry:uaa_release:39.0
Cloudfoundry » Uaa Release » Version: 4.0

cpe:2.3:a:cloudfoundry:uaa_release:4.0
Cloudfoundry » Uaa Release » Version: 40.0

cpe:2.3:a:cloudfoundry:uaa_release:40.0
Cloudfoundry » Uaa Release » Version: 41.0

cpe:2.3:a:cloudfoundry:uaa_release:41.0
Cloudfoundry » Uaa Release » Version: 41.1

cpe:2.3:a:cloudfoundry:uaa_release:41.1
Cloudfoundry » Uaa Release » Version: 43.0

cpe:2.3:a:cloudfoundry:uaa_release:43.0
Cloudfoundry » Uaa Release » Version: 44.0

cpe:2.3:a:cloudfoundry:uaa_release:44.0
Cloudfoundry » Uaa Release » Version: 45.0

cpe:2.3:a:cloudfoundry:uaa_release:45.0
Cloudfoundry » Uaa Release » Version: 45.1

cpe:2.3:a:cloudfoundry:uaa_release:45.1
Cloudfoundry » Uaa Release » Version: 45.10

cpe:2.3:a:cloudfoundry:uaa_release:45.10
Cloudfoundry » Uaa Release » Version: 45.11

cpe:2.3:a:cloudfoundry:uaa_release:45.11
Cloudfoundry » Uaa Release » Version: 45.2

cpe:2.3:a:cloudfoundry:uaa_release:45.2
Cloudfoundry » Uaa Release » Version: 45.3

cpe:2.3:a:cloudfoundry:uaa_release:45.3
Cloudfoundry » Uaa Release » Version: 45.4

cpe:2.3:a:cloudfoundry:uaa_release:45.4
Cloudfoundry » Uaa Release » Version: 45.5

cpe:2.3:a:cloudfoundry:uaa_release:45.5
Cloudfoundry » Uaa Release » Version: 45.6

cpe:2.3:a:cloudfoundry:uaa_release:45.6
Cloudfoundry » Uaa Release » Version: 45.7

cpe:2.3:a:cloudfoundry:uaa_release:45.7
Cloudfoundry » Uaa Release » Version: 45.8

cpe:2.3:a:cloudfoundry:uaa_release:45.8
Cloudfoundry » Uaa Release » Version: 45.9

cpe:2.3:a:cloudfoundry:uaa_release:45.9
Cloudfoundry » Uaa Release » Version: 48.0

cpe:2.3:a:cloudfoundry:uaa_release:48.0
Cloudfoundry » Uaa Release » Version: 5.0

cpe:2.3:a:cloudfoundry:uaa_release:5.0
Cloudfoundry » Uaa Release » Version: 50.0

cpe:2.3:a:cloudfoundry:uaa_release:50.0
Cloudfoundry » Uaa Release » Version: 51.0

cpe:2.3:a:cloudfoundry:uaa_release:51.0
Cloudfoundry » Uaa Release » Version: 52.0

cpe:2.3:a:cloudfoundry:uaa_release:52.0
Cloudfoundry » Uaa Release » Version: 52.1

cpe:2.3:a:cloudfoundry:uaa_release:52.1
Cloudfoundry » Uaa Release » Version: 52.10

cpe:2.3:a:cloudfoundry:uaa_release:52.10
Cloudfoundry » Uaa Release » Version: 52.2

cpe:2.3:a:cloudfoundry:uaa_release:52.2
Cloudfoundry » Uaa Release » Version: 52.4

cpe:2.3:a:cloudfoundry:uaa_release:52.4
Cloudfoundry » Uaa Release » Version: 52.5

cpe:2.3:a:cloudfoundry:uaa_release:52.5
Cloudfoundry » Uaa Release » Version: 52.6

cpe:2.3:a:cloudfoundry:uaa_release:52.6
Cloudfoundry » Uaa Release » Version: 52.7

cpe:2.3:a:cloudfoundry:uaa_release:52.7
Cloudfoundry » Uaa Release » Version: 52.8

cpe:2.3:a:cloudfoundry:uaa_release:52.8
Cloudfoundry » Uaa Release » Version: 52.9

cpe:2.3:a:cloudfoundry:uaa_release:52.9
Cloudfoundry » Uaa Release » Version: 53.0

cpe:2.3:a:cloudfoundry:uaa_release:53.0
Cloudfoundry » Uaa Release » Version: 53.1

cpe:2.3:a:cloudfoundry:uaa_release:53.1
Cloudfoundry » Uaa Release » Version: 53.2

cpe:2.3:a:cloudfoundry:uaa_release:53.2
Cloudfoundry » Uaa Release » Version: 53.3

cpe:2.3:a:cloudfoundry:uaa_release:53.3
Cloudfoundry » Uaa Release » Version: 54.0

cpe:2.3:a:cloudfoundry:uaa_release:54.0
Cloudfoundry » Uaa Release » Version: 55.0

cpe:2.3:a:cloudfoundry:uaa_release:55.0
Cloudfoundry » Uaa Release » Version: 55.1

cpe:2.3:a:cloudfoundry:uaa_release:55.1
Cloudfoundry » Uaa Release » Version: 55.2

cpe:2.3:a:cloudfoundry:uaa_release:55.2
Cloudfoundry » Uaa Release » Version: 56.0

cpe:2.3:a:cloudfoundry:uaa_release:56.0
Cloudfoundry » Uaa Release » Version: 57.0

cpe:2.3:a:cloudfoundry:uaa_release:57.0
Cloudfoundry » Uaa Release » Version: 57.1

cpe:2.3:a:cloudfoundry:uaa_release:57.1
Cloudfoundry » Uaa Release » Version: 57.2

cpe:2.3:a:cloudfoundry:uaa_release:57.2
Cloudfoundry » Uaa Release » Version: 57.3

cpe:2.3:a:cloudfoundry:uaa_release:57.3
Cloudfoundry » Uaa Release » Version: 57.4

cpe:2.3:a:cloudfoundry:uaa_release:57.4
Cloudfoundry » Uaa Release » Version: 58.0

cpe:2.3:a:cloudfoundry:uaa_release:58.0
Cloudfoundry » Uaa Release » Version: 58.1

cpe:2.3:a:cloudfoundry:uaa_release:58.1
Cloudfoundry » Uaa Release » Version: 59.0

cpe:2.3:a:cloudfoundry:uaa_release:59.0
Cloudfoundry » Uaa Release » Version: 6.0

cpe:2.3:a:cloudfoundry:uaa_release:6.0
Cloudfoundry » Uaa Release » Version: 60.0

cpe:2.3:a:cloudfoundry:uaa_release:60.0
Cloudfoundry » Uaa Release » Version: 60.2

cpe:2.3:a:cloudfoundry:uaa_release:60.2
Cloudfoundry » Uaa Release » Version: 61.0

cpe:2.3:a:cloudfoundry:uaa_release:61.0
Cloudfoundry » Uaa Release » Version: 62.0

cpe:2.3:a:cloudfoundry:uaa_release:62.0
Cloudfoundry » Uaa Release » Version: 63.0

cpe:2.3:a:cloudfoundry:uaa_release:63.0
Cloudfoundry » Uaa Release » Version: 64.0

cpe:2.3:a:cloudfoundry:uaa_release:64.0
Cloudfoundry » Uaa Release » Version: 66.0

cpe:2.3:a:cloudfoundry:uaa_release:66.0
Cloudfoundry » Uaa Release » Version: 67.0

cpe:2.3:a:cloudfoundry:uaa_release:67.0
Cloudfoundry » Uaa Release » Version: 68.0

cpe:2.3:a:cloudfoundry:uaa_release:68.0
Cloudfoundry » Uaa Release » Version: 69.0

cpe:2.3:a:cloudfoundry:uaa_release:69.0
Cloudfoundry » Uaa Release » Version: 7.0

cpe:2.3:a:cloudfoundry:uaa_release:7.0
Cloudfoundry » Uaa Release » Version: 70.0

cpe:2.3:a:cloudfoundry:uaa_release:70.0
Cloudfoundry » Uaa Release » Version: 71.0

cpe:2.3:a:cloudfoundry:uaa_release:71.0
Cloudfoundry » Uaa Release » Version: 72.0

cpe:2.3:a:cloudfoundry:uaa_release:72.0
Cloudfoundry » Uaa Release » Version: 8.0

cpe:2.3:a:cloudfoundry:uaa_release:8.0
Cloudfoundry » Uaa Release » Version: 9.0

cpe:2.3:a:cloudfoundry:uaa_release:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11279

Products

Pricing

Contact Us