Cloud Foundry UAA Missing Zone Validation Vulnerability

Vulnerability

A vulnerability exists in Cloud Foundry UAA versions up to and including 77.20.1 on the 77.20.x line, and in all versions up to and including 77.24.0 on the main line; the fixed releases are 77.20.2 and 77.25.0. The issue arises in UAA instances configured with multiple identity zones: a session is not validated against the zone the request is made to, so the session ID alone is trusted. A user who has authenticated against a corporate identity provider in one zone can therefore present the same session ID to a different zone and be treated as authenticated there, potentially leading to unauthorized access.
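To make the flaw concrete, the following is an added illustration and not UAA's own code. It models a session store keyed by an opaque session ID and contrasts a lookup that trusts the ID alone with one that also checks the zone the session was created in. The assumption that zones are selected by the first subdomain of the Host header (with the bare base domain serving a default zone named "uaa"), and the names BASE_DOMAIN, SessionStore, zone_from_host, resolve_user_vulnerable and resolve_user_fixed, are this example's own:

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Illustrative model of zone-scoped sessions. Assumption (labelled, not from the
# advisory): zones are selected by the Host subdomain, e.g. "corp.uaa.example.com"
# serves zone "corp", and the bare base domain serves the default zone "uaa".
BASE_DOMAIN = "uaa.example.com"
DEFAULT_ZONE = "uaa"


@dataclass(frozen=True)
class Session:
    session_id: str
    user: str
    zone_id: str  # zone in which the user actually authenticated


class SessionStore:
    """In-memory session store keyed by an opaque session ID."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, zone_id: str) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(sid, user, zone_id)
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)


def zone_from_host(host: str) -> Optional[str]:
    """Derive the requested zone from the Host header (exactly one subdomain level)."""
    hostname = host.split(":", 1)[0].lower()
    if hostname == BASE_DOMAIN:
        return DEFAULT_ZONE
    suffix = "." + BASE_DOMAIN
    if hostname.endswith(suffix):
        sub = hostname[: -len(suffix)]
        if sub and "." not in sub:
            return sub
    return None  # unknown host: no zone, never fall back to a default


def resolve_user_vulnerable(store: SessionStore, host: str, sid: str) -> Optional[str]:
    """Flawed pattern: trusts the session ID alone and never compares zones."""
    session = store.get(sid)
    return session.user if session else None


def resolve_user_fixed(store: SessionStore, host: str, sid: str) -> Optional[str]:
    """Hardened pattern: a session is only valid in the zone it was created in."""
    requested_zone = zone_from_host(host)
    session = store.get(sid)
    if requested_zone is None or session is None:
        return None
    if session.zone_id != requested_zone:
        return None  # cross-zone session reuse is rejected
    return session.user


def demo() -> dict:
    """Constructed scenario: alice logs in to zone 'corp', then replays the
    session ID against zone 'partner' and against the default zone."""
    store = SessionStore()
    sid = store.create("alice", "corp")
    return {
        "vulnerable_cross_zone": resolve_user_vulnerable(store, "partner." + BASE_DOMAIN, sid),
        "fixed_cross_zone": resolve_user_fixed(store, "partner." + BASE_DOMAIN, sid),
        "fixed_same_zone": resolve_user_fixed(store, "corp." + BASE_DOMAIN, sid),
        "fixed_default_zone": resolve_user_fixed(store, BASE_DOMAIN, sid),
    }


if __name__ == "__main__":
    print(demo())
```

The fixed variant binds the session to the zone at creation and refuses to serve it anywhere else; an unrecognised host yields no zone at all rather than silently falling back to the default zone, which is the other way this class of check tends to go wrong.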

Impact

Exploitation of this vulnerability could allow a user holding a valid session in one identity zone to act as an authenticated user in a different zone of the same UAA, bypassing that zone's own authentication requirements and gaining access to the resources it protects.

Remediation

Operators should upgrade to UAA 77.20.2 or a later release of the 77.20.x line, or to UAA 77.25.0 or later. Note that the intermediate releases 77.21.0 through 77.24.0 are affected, so a version merely "higher than 77.20.2" is not sufficient.
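As an added helper (not from the advisory or the UAA project), the following classifies reported UAA versions against the two fixed ranges stated above and lists hosts that still need an upgrade. The inventory is constructed, and the treatment of any 77.24.x point release above 77.24.0 as still needing an upgrade is a conservative assumption, since the page does not mention such releases:

```python
from typing import Dict, List, Tuple

# Fixed ranges taken from the remediation text: [77.20.2, 77.21.0) on the
# 77.20.x line, and [77.25.0, ...) on the main line. Everything else is
# reported as needing an upgrade (assumption: conservative for unlisted
# point releases such as a hypothetical 77.24.1).
FIXED_RANGES = (
    ((77, 20, 2), (77, 21, 0)),
    ((77, 25, 0), None),
)


def parse_version(version: str) -> Tuple[int, ...]:
    """'v77.20.2' -> (77, 20, 2); assumes plain dotted numeric release strings."""
    return tuple(int(part) for part in version.strip().lstrip("v").split("."))


def is_fixed(version: str) -> bool:
    """True only if the version falls inside one of the fixed ranges."""
    v = parse_version(version)
    for low, high in FIXED_RANGES:
        if v >= low and (high is None or v < high):
            return True
    return False


def triage(inventory: Dict[str, str]) -> List[str]:
    """Given hostname -> reported UAA version, return hosts needing an upgrade."""
    return sorted(host for host, ver in inventory.items() if not is_fixed(ver))


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "uaa-a.internal": "77.20.1",
    "uaa-b.internal": "77.20.2",
    "uaa-c.internal": "77.23.0",
    "uaa-d.internal": "77.25.0",
    "uaa-e.internal": "v78.1.0",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```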

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          3.4
impact          1.3
exploitability  5.4
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.