Vulnerability Details CVE-2019-3787
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.3%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 4.3
References
Products affected by CVE-2019-3787
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:10
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:11.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:12.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.12
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.13
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.14
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.15
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.16
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.17
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.18
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:13.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:14
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:15
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:16
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:17
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:18
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:19
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:20
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:21
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:22
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:23
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.12
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.13
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.14
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:24.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:25
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:26
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:27
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:28
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:29
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:30.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:31
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:32
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:33
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:34
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:34.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:34.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:34.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:35
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:36
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:37
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:38
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:39
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:40
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:41
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:41.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:43
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:44
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:48
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:50
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:51
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:54
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:55
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:55.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:55.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:56
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:59
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:60
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:60.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:61.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:62.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:63.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:64.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:66.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:67.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:68.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:69.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:70.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:71.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:72.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:9