Pivotal Application Security Team


Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint of the team's public key is: 16F6 51BF 4637 F486 C5E2 4635 19BB 5184 0191 92ED

The key can be obtained from a public key server such as pgp.mit.edu.



Pivotal Product Vulnerability Reports
Date   CVE Reference   Description
15 May 2017 CVE-2017-4975 Tile generator sets open security groups
04 May 2017 CVE-2017-4966 RabbitMQ local storage of credentials
04 May 2017 CVE-2017-4965 XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017 CVE-2017-2773 Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017 CVE-2017-4955 Credentials in Elastic Runtime Notifications errand log
14 Feb 2017 CVE-2017-4959 Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017 CVE-2016-9880 Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017 CVE-2016-9885 gfsh exposed over go router for GemFire for PCF
28 Dec 2016 CVE-2016-9879 Encoded "/" in path variables
28 Dec 2016 CVE-2016-0898 Service backups log AWS key
21 Dec 2016 CVE-2016-9878 Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016 CVE-2016-9877 RabbitMQ authentication vulnerability
31 Oct 2016 CVE-2016-6657 PCF Open Redirects
31 Oct 2016 CVE-2016-6656 Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016 CVE-2016-6652 Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016 CVE-2016-0930 Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016 CVE-2016-0896 IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016 CVE-2016-0929 RabbitMQ for PCF vulnerability
07 Jul 2016 CVE-2016-5007 Spring Security / MVC Path Matching Inconsistency
07 Jul 2016 CVE-2016-0926 Apps Manager XSS vulnerability
05 Jul 2016 CVE-2016-4977 Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016 CVE-2016-0928 PCF Open Redirects
24 Jun 2016 CVE-2016-0897 Ops Manager vSphere and vCloud vulnerability
23 Jun 2016 CVE-2016-0927 Ops Manager XSS vulnerability
11 Apr 2016 CVE-2016-2173 Remote Code Execution in Spring AMQP
23 Mar 2016 CVE-2016-0780 Cloud Controller Disk Quota Enforcement
23 Mar 2016 CVE-2016-2165 Loggregator Request URL Paths
23 Mar 2016 CVE-2016-0781 UAA Persistent XSS Vulnerability
03 Feb 2016   CVE-2016-0883   PCF Ops Manager Weak Authentication Scheme
12 Nov 2015   CVE-2015-5258   Spring Social CSRF
15 Oct 2015   CVE-2015-5211   RFD Attack in Spring Framework
30 Jun 2015   CVE-2015-3192   DoS Attack with XML Input
06 Mar 2015   CVE-2015-0201   Insufficiently random session id in Java SockJS client
11 Nov 2014   CVE-2014-3625   Directory Traversal in Spring Framework
05 Sep 2014   CVE-2014-3578   Directory Traversal in Spring Framework
15 Aug 2014   CVE-2014-3527   Access Control Bypass in Spring Security
28 May 2014   CVE-2014-0225   Information Disclosure when using Spring MVC
11 Mar 2014   CVE-2014-1904   XSS when using Spring MVC
11 Mar 2014   CVE-2014-0097   Blank password may bypass user authentication
11 Mar 2014   CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014   CVE-2014-0053   Information Disclosure when using Grails
14 Jan 2014   CVE-2013-6430   Possible XSS when using Spring MVC
14 Jan 2014   CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013   CVE-2013-7315   Xml eXternal Entity (XXE) injection in Spring Framework
22 Aug 2013   CVE-2013-4152   Xml eXternal Entity (XXE) injection in Spring Framework

Notable Vulnerabilities in Dependencies[1]
Date   CVE Reference   Description   Affected Pivotal Product(s)
19 May 2017 CVE-2017-4992 Privilege escalation with user invitations Pivotal Cloud Foundry
19 May 2017 CVE-2017-4991 UAA password reset vulnerability Pivotal Cloud Foundry
02 May 2017 USN-3265-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
01 May 2017 CVE-2017-4974 Blind SQL Injection with privileged UAA endpoints Pivotal Cloud Foundry
20 Apr 2017 CVE-2015-3281 HAProxy vulnerabilities Pivotal Cloud Foundry
20 Apr 2017 CVE-2017-4973 Privilege Escalation in UAA Pivotal Cloud Foundry
20 Apr 2017 CVE-2017-4972 Blind SQL Injection in UAA Pivotal Cloud Foundry
13 Apr 2017 CVE-2017-4969 Bug in CC allows users to exceed quotas Pivotal Cloud Foundry
12 Apr 2017 USN-3256-2 Linux kernel (HWE) vulnerability Pivotal Cloud Foundry
10 Apr 2017 CVE-2017-4970 Staticfile buildpack ignores basic authentication when misconfigured Pivotal Cloud Foundry
06 Apr 2017 USN-3243-1 Git vulnerability Pivotal Cloud Foundry
06 Apr 2017 USN-3241-1 audiofile vulnerabilities Pivotal Cloud Foundry
06 Apr 2017 USN-3239-2 GNU C Library Regression Pivotal Cloud Foundry
06 Apr 2017 USN-3237-1 FreeType vulnerability Pivotal Cloud Foundry
06 Apr 2017 USN-3235-1 libxml2 vulnerabilities Pivotal Cloud Foundry
06 Apr 2017 USN-3232-1 ImageMagick vulnerabilities Pivotal Cloud Foundry
06 Apr 2017 USN-3227-1 ICU vulnerabilities Pivotal Cloud Foundry
06 Apr 2017 USN-3225-1 libarchive vulnerabilities Pivotal Cloud Foundry
06 Apr 2017 USN-3183-2 GnuTLS vulnerability Pivotal Cloud Foundry
05 Apr 2017 CVE-2017-5649 Apache Geode privilege escalation vulnerability Pivotal GemFire
04 Apr 2017 USN-3201-1 Bind vulnerabilities Pivotal Cloud Foundry
04 Apr 2017 USN-3234-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
04 Apr 2017 USN-3228-1 libevent vulnerabilities Pivotal Cloud Foundry
04 Apr 2017 USN-3247-1 AppArmor vulnerability Pivotal Cloud Foundry
04 Apr 2017 USN-3249-2 Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
31 Mar 2017 USN-3222-1 ImageMagick vulnerabilities Pivotal Cloud Foundry
31 Mar 2017 USN-3213-1 GD library vulnerabilities Pivotal Cloud Foundry
31 Mar 2017 USN-3212-1 LibTIFF vulnerabilities Pivotal Cloud Foundry
31 Mar 2017 USN-3205-1 tcpdump vulnerabilities Pivotal Cloud Foundry
31 Mar 2017 USN-3142-2 ImageMagick vulnerabilities Pivotal Cloud Foundry
29 Mar 2017 CVE-2017-4963 Session Fixation for UAA External Authentication Pivotal Cloud Foundry
17 Mar 2017 USN-3196-1 Multiple PHP vulnerabilities Pivotal Cloud Foundry
17 Mar 2017 USN-3185-1 libXpm vulnerability Pivotal Cloud Foundry
17 Mar 2017 USN-3193-1 Nettle vulnerability Pivotal Cloud Foundry
17 Mar 2017 USN-3183-1 GnuTLS vulnerabilities Pivotal Cloud Foundry
14 Mar 2017 USN-3189-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
14 Mar 2017 CVE-2017-5638 Apache Struts Remote Code Execution Pivotal Cloud Foundry
13 Mar 2017 USN-3220-2 Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
09 Mar 2017 CVE-2017-4960 UAA OAuth DOS via lockout feature Pivotal Cloud Foundry
01 Mar 2017 USN-3208-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
31 Jan 2017 USN-3172-1 Bind vulnerabilities Pivotal Cloud Foundry
31 Jan 2017 USN-3169-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
31 Jan 2017 USN-3161-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
23 Jan 2017 CVE-2016-6660 Cloud Controller logs application environment variables Pivotal Cloud Foundry
19 Jan 2017 USN-3024-1 tomcat6, tomcat7 vulnerabilities Pivotal Cloud Foundry
12 Jan 2017 RunC Exec RunC Exec Vulnerability Pivotal Cloud Foundry
10 Jan 2017 CVE-2016-9882 Cloud Foundry Logs Service Credentials Pivotal Cloud Foundry
29 Dec 2016 CVE-2016-3958 and CVE-2016-3959 Golang vulnerabilities Pivotal Cloud Foundry
27 Dec 2016 USN-3146-2 Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
27 Dec 2016 USN-3128-2 Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
27 Dec 2016 USN-3142-1 ImageMagick vulnerabilities Pivotal Cloud Foundry
22 Dec 2016 CVE-2016-8219 Space Auditor can restage apps Pivotal Cloud Foundry
21 Dec 2016 Multiple CVEs httpoxy vulnerabilities Pivotal Cloud Foundry
20 Dec 2016 USN-3156-1 APT vulnerability Pivotal Cloud Foundry
19 Dec 2016 USN-3131-1 ImageMagick vulnerabilities Pivotal Cloud Foundry
19 Dec 2016 USN-3067-1 HarfBuzz vulnerabilities Pivotal Cloud Foundry
19 Dec 2016 USN-3117-1 GD library vulnerabilities Pivotal Cloud Foundry
14 Dec 2016 USN-3132-1 tar vulnerability Pivotal Cloud Foundry
14 Dec 2016 USN-3134-1 Python vulnerabilities Pivotal Cloud Foundry
14 Dec 2016 USN-3139-1 Vim vulnerability Pivotal Cloud Foundry
14 Dec 2016 CVE-2016-6659 UAA Privilege Escalation Pivotal Cloud Foundry
14 Dec 2016 USN-3116-1 DBus vulnerabilities Pivotal Cloud Foundry
14 Dec 2016 USN-3119-1 Bind vulnerability Pivotal Cloud Foundry
13 Dec 2016 USN-3123-1 curl vulnerability Pivotal Cloud Foundry
13 Dec 2016 USN-3088-1 Bind vulnerability Pivotal Cloud Foundry
09 Dec 2016 CVE-2016-8218 Unauthenticated JWT signing algorithm in routing Pivotal Cloud Foundry
07 Dec 2016 USN-3151-2 Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
17 Nov 2016 Several PCRE vulnerabilities prior to version 8.39 Pivotal Cloud Foundry
17 Nov 2016 CVE-2016-6663/CVE-2016-6664 MariaDB Root Privilege Escalation Pivotal Cloud Foundry
07 Nov 2016 USN-3096-1 NTP vulnerabilities Pivotal Cloud Foundry
07 Nov 2016 USN-3095-1 PHP vulnerabilities Pivotal Cloud Foundry
02 Nov 2016 CVE-2016-6658 Incomplete fix for Credential Vulnerability for Custom Buildpacks Pivotal Cloud Foundry
21 Oct 2016 CVE-2016-5195 Linux kernel vulnerability Pivotal Cloud Foundry
17 Oct 2016 CVE-2016-6655 Utility Script Command Injection Pivotal Cloud Foundry
17 Oct 2016 USN-3099-2 Linux kernel vulnerabilities Pivotal Cloud Foundry
29 Sep 2016 CVE-2016-6653 MySQL Audit logs sent to Syslog Pivotal Cloud Foundry
28 Sep 2016 USN-3087-2 OpenSSL Regression Pivotal Cloud Foundry
28 Sep 2016 USN-3083-1 Linux kernel vulnerabilities Pivotal Cloud Foundry
28 Sep 2016 USN-3068-1 Libidn vulnerabilities Pivotal Cloud Foundry
28 Sep 2016 CVE-2016-6662 MySQL vulnerabilities Pivotal Cloud Foundry
28 Sep 2016 USN-3085-1 GDK-PixBuf vulnerabilities Pivotal Cloud Foundry
26 Sep 2016 CVE-2016-6651 Privilege Escalation in UAA Pivotal Cloud Foundry
26 Sep 2016 CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains Pivotal Cloud Foundry
26 Sep 2016 CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals Pivotal Cloud Foundry
21 Sep 2016 CVE-2014-9130 LibYAML vulnerability Pivotal Cloud Foundry
09 Sep 2016 CVE-2016-6639 PHP Buildpack exposes .profile file Pivotal Cloud Foundry
09 Sep 2016 USN-3045-1 PHP vulnerabilities Pivotal Cloud Foundry
25 Aug 2016 USN-3065-1 Libgcrypt vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3064-1 GnuPG vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3063-1 Fontconfig vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3061-1 OpenSSH vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3030-1/USN-3060-1 GD library vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3053-1/USN-3037-1 Linux kernel (Vivid HWE) vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3048-1 curl vulnerability Pivotal Cloud Foundry
25 Aug 2016 USN-3033-1 libarchive vulnerability Pivotal Cloud Foundry
18 Aug 2016 CVE-2016-5016 UAA accepts expired certificates Pivotal Cloud Foundry
26 Jul 2016 CVE-2016-5006 Cloud Controller API logs user-provided service credentials Pivotal Cloud Foundry
13 Jul 2016 CVE-2016-4450 Nginx Vulnerabilities Pivotal Cloud Foundry
13 Jul 2016 USN 3010-1 Expat vulnerability Pivotal Cloud Foundry
13 Jul 2016 USN 3012-1 Wget vulnerability Pivotal Cloud Foundry
01 Jul 2016 USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
30 Jun 2016 CVE-2016-4468 UAA SQL Injection Pivotal Cloud Foundry
15 Jun 2016 USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
13 Jun 2016 CVE-2016-4435 BOSH Agent Anonymous Endpoint Pivotal Cloud Foundry
13 Jun 2016 USN-2994-1 libxml2 vulnerabilities Pivotal Cloud Foundry
13 Jun 2016 USN-2991-1 nginx vulnerability Pivotal Cloud Foundry
13 Jun 2016 USN-2990-1 ImageMagick vulnerability Pivotal Cloud Foundry
13 Jun 2016 USN-2987-1 GD library vulnerabilities Pivotal Cloud Foundry
13 Jun 2016 USN-2985-2 GNU C Library regression Pivotal Cloud Foundry
13 Jun 2016 USN-2983-1 Expat vulnerability Pivotal Cloud Foundry
13 Jun 2016 USN-2981-1 libarchive vulnerabilities Pivotal Cloud Foundry
13 Jun 2016 USN-2966-1 OpenSSH vulnerabilities Pivotal Cloud Foundry
13 Jun 2016 USN-2961-1 Little CMS vulnerability Pivotal Cloud Foundry
08 Jun 2016 CVE-2013-7456 PHP vulnerabilities Pivotal Cloud Foundry
03 Jun 2016 USN-2970-1 Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
23 May 2016 CVE-2016-3084 UAA Password Reset Vulnerability Pivotal Cloud Foundry
19 May 2016 USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
17 May 2016 CVE-2016-3091 Diego log encoding vulnerability Diego-release
06 May 2016 USN-2959-1 OpenSSL vulnerabilities Pivotal Cloud Foundry
06 May 2016 USN-2957-1 Libtasn1 vulnerability Pivotal Cloud Foundry
06 May 2016 USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
06 May 2016 USN-2943-1 PCRE vulnerabilities Pivotal Cloud Foundry
06 May 2016 USN-2935-2 PAM regression Pivotal Cloud Foundry
02 May 2016 CVE-2015-5170-5173 UAA vulnerabilities Pivotal Cloud Foundry
14 Apr 2016 Badlock bug Samba and Windows Vulnerabilities n/a
24 Mar 2016 USN-2939-1 LibTIFF vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 USN-2927-1 Graphite2 vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 USN-2925-1 Bind9 vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 USN-2919-1 JasPer vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 USN-2918-1 Pixman vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 USN-2916-1 Perl vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 USN-2914-1 OpenSSL vulnerabilities Pivotal Cloud Foundry
24 Mar 2016 NPM Ownership Issue Warning about NPM modules Pivotal Cloud Foundry
24 Mar 2016 USN-2938-1 Git vulnerabilities Pivotal Cloud Foundry
16 Mar 2016 USN-2932-1 Linux kernel vulnerabilities Pivotal Cloud Foundry
02 Mar 2016 CVE-2016-0800 OpenSSL vulnerabilities Pivotal Cloud Foundry
26 Feb 2016 USN-2910-1 Linux kernel vulnerability Pivotal Cloud Foundry
26 Feb 2016 CVE-2016-0761 Garden Docker Image Host Files Corruption Pivotal Cloud Foundry
19 Feb 2016 USN-2900-1 GNU libc vulnerability Pivotal Cloud Foundry
02 Feb 2016 CVE-2016-0732 UAA Privilege Escalation Pivotal Cloud Foundry
22 Jan 2016 USN-2871-1 Linux kernel vulnerability Pivotal Cloud Foundry
20 Jan 2016 CVE-2016-0715 Java Buildpack vulnerability Pivotal Cloud Foundry
19 Jan 2016 USN-2865-1 GnuTLS vulnerability Pivotal Cloud Foundry
19 Jan 2016 USN-2861-1 libpng vulnerability Pivotal Cloud Foundry
19 Jan 2016 USN-2868-1 DHCP vulnerability Pivotal Cloud Foundry
19 Jan 2016 USN-2869-1 OpenSSH vulnerability Pivotal Cloud Foundry
18 Jan 2016 CVE-2016-0708 Java Buildpack vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2857-1 Linux kernel vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2842-1/USN-2842-2 Linux kernel vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2837-1 bind vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2836-1 GRUB vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2835-1 git vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2834-1 libxml vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2830-1 OpenSSL vulnerability Pivotal Cloud Foundry
07 Jan 2016 USN-2829-1 Linux kernel vulnerability Pivotal Cloud Foundry
15 Dec 2015 CVE-2015-5350 Garden Linux File vulnerability Pivotal Cloud Foundry
04 Dec 2015 USN-2821-1 GnuTLS vulnerability Pivotal Cloud Foundry
04 Dec 2015 USN-2820-1 dpkg vulnerability Pivotal Cloud Foundry
02 Dec 2015 USN-2815-1 PNG vulnerability Pivotal Cloud Foundry
02 Dec 2015 USN-2812-1 libxml2 vulnerability Pivotal Cloud Foundry
02 Dec 2015 USN-2810-1 Kerberos vulnerability Pivotal Cloud Foundry
02 Dec 2015 USN-2787-1 audiofile vulnerability Pivotal Cloud Foundry
24 Nov 2015 USN-2788-1/2788-2 unzip vulnerability Pivotal Cloud Foundry
12 Nov 2015 USN-2806-1 Linux kernel vulnerability Pivotal Cloud Foundry
12 Nov 2015 USN-2798-1 Linux kernel vulnerability Pivotal Cloud Foundry
03 Nov 2015 USN-2767-1 GDK-Pixbuf library vulnerability Pivotal Cloud Foundry
03 Nov 2015 USN-2778-1 Linux kernel vulnerabilities Pivotal Cloud Foundry
07 Oct 2015 Golang Golang 1.4.3 CVE Fixes Pivotal Cloud Foundry
07 Oct 2015 USN-2722-1 GDK-PixBuf Vulnerabilities Pivotal Cloud Foundry
07 Oct 2015 USN-2711-1 Net-SNMP Vulnerabilities Pivotal Cloud Foundry
07 Oct 2015 USN-2739-1 FreeType Vulnerabilities Pivotal Cloud Foundry
07 Oct 2015 USN-2740-1 ICU Vulnerabilities Pivotal Cloud Foundry
07 Oct 2015 USN-2751-1 Linux Kernel (Vivid HWE) Vulnerabilities Pivotal Cloud Foundry
07 Oct 2015 USN-2756-1 rpcbind Vulnerability Pivotal Cloud Foundry
07 Oct 2015 USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability Pivotal Cloud Foundry
08 Sep 2015 USN-2710-1 OpenSSH Vulnerabilities Pivotal Cloud Foundry
08 Sep 2015 USN-2698-1 SQLite Vulnerabilities Pivotal Cloud Foundry
08 Sep 2015 USN-2694-1 PCRE Vulnerabilities Pivotal Cloud Foundry
08 Sep 2015 USN-2718-1 Address Configuration Change Vulnerabilities Pivotal Cloud Foundry
06 Aug 2015 USN-2696-1 OpenJDK 7 Vulnerabilities Pivotal Cloud Foundry
29 Jul 2015 CVE-2015-3290 Linux Kernel NMI vulnerability Pivotal Cloud Foundry
10 Jul 2015 CVE-2015-1420 file_handle size verification Pivotal Cloud Foundry
06 Jul 2015 CVE-2015-1330 Unattended-upgrades vulnerability Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3189 Expire old reset password links UAA, Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3190 Open Redirect on Login UAA, Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3191 CSRF attack on change email UAA, Pivotal Cloud Foundry
17 Jun 2015 CVE-2015-1328 overlayfs privilege escalation Pivotal Cloud Foundry
12 Jun 2015 USN-2639-1 openssl updates Pivotal Cloud Foundry
12 Jun 2015 CVE-2015-3636 ipv4 use-after-free Pivotal Cloud Foundry
09 Jun 2015 Redis LUA Sandbox Redis Pivotal Cloud Foundry
22 May 2015 CVE-2015-1834 CC Path Traversal Pivotal Cloud Foundry
22 May 2015 USN-2617-1 FUSE Vulnerability Pivotal Cloud Foundry
30 Apr 2015 CVE-2015-1855 Ruby OpenSSL Hostname Verification Pivotal Cloud Foundry
23 Mar 2015 CVE-2015-0282 Multiple GnuTLS Vulnerabilities Cloud Foundry
21 Mar 2015 USN-2537 Multiple OpenSSL Vulnerabilities Pivotal Cloud Foundry
13 Mar 2015 CVE-2014-8159 Linux Kernel Infiniband Vulnerability
09 Feb 2015 CVE-2014-0227 Apache Tomcat Request Smuggling Pivotal tc Server
28 Jan 2015   CVE-2015-0235   GHOST Pivotal Cloud Foundry
16 Oct 2014   CVE-2014-3566   POODLE (SSLv3) Pivotal Cloud Foundry
29 Sep 2014   CVE-2014-7186   Bash Out-of-Bounds Pivotal Cloud Foundry
25 Sep 2014   CVE-2014-6271   Bash - ShellShock Pivotal Cloud Foundry
19 Sep 2014   CVE-2014-5119   glib_gconv_translit_find() exploit Pivotal Cloud Foundry
10 Sep 2014   CVE-2013-4444   Apache Tomcat Remote Code Execution Pivotal tc Server
18 Aug 2014   CVE-2014-3153   Futex requeue exploit Pivotal Cloud Foundry
5 Jun 2014   CVE-2014-0224   SSL/TLS MITM Vulnerability   vFabric Web Server, Pivotal Web Server, Enterprise Ready Server (ERS), Greenplum Command Center (GPCC), Greenplum Database (GPDB), HAWQ, Pivotal Command Center (PCC), Pivotal App Suite Virtual Appliance, GemFire Native Client
10 Apr 2014   CVE-2014-0160   Heartbleed   vFabric Web Server, vFabric GemFire Native Client, Pivotal GemFire Native Client, Pivotal Command Center, Pivotal App Suite Virtual Appliance

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.



Thanks

The Pivotal Security Team would like to thank the following individuals and companies for responsibly reporting a security issue. Names appear in the order vulnerability reports were received, most recent first.

  • SaifAllah benMassaoud
  • Pradeep Kumar
  • Muhammad Abdullah
  • Koutrouss Naddara

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.