CVE-2019-3775
7.1
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
Summary
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) | All < v70.0 | affected |
Weaknesses
- CWE-290: CWE-290: Authentication Bypass by Spoofing
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.