CVE-2019-3775

Summary

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryUAA Release (OSS)All < v70.0affected

Weaknesses

  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

References