CVE-2019-11274

Summary

Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryUAA Release (OSS)prior to v74.0.0affected

Weaknesses

  • CWE-79: CWE-79: Cross-site Scripting (XSS) - Generic

ADP Enrichment

CVE Program Container

Additional References

References