CVE-2019-3794

Summary

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryUAA Release (OSS)All < v73.4.0affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control - Generic

ADP Enrichment

CVE Program Container

Additional References

References