CVE-2019-3794
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) | All < v73.4.0 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control - Generic
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.