Cloud Foundry UAA SAML 2.0 Signature Bypass Vulnerability

Vulnerability

A vulnerability exists in Cloud Foundry UAA versions 77.30.0 prior to 78.7.0, as well as in CF Deployment versions 48.7.0 prior to 54.14.0. It allows an attacker to bypass SAML 2.0 signature requirements, obtain a token for any user, and access UAA-protected systems. The root cause is that UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted; the flaw is reachable only for clients that have the SAML 2.0 bearer assertion grant enabled.

Impact

Exploitation of this vulnerability allows for unauthorized access to UAA-protected systems by obtaining tokens for any user.

Remediation

Users are advised to upgrade to UAA version 78.9.0 or greater and to upgrade CF Deployment to version 55.0.0 or greater, which includes UAA version 78.10.0.
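The defensive check the description implies, as an added illustration that is not UAA's own code: a structural gate that refuses any SAML 2.0 bearer assertion (the standalone Assertion or EncryptedAssertion form used by the bearer grant) that is neither signed nor encrypted, and that verifies the signature actually references the assertion being accepted. It assumes a later step performs the cryptographic verification and decryption with an XML signature library; the sample assertions are constructed for this example and carry a placeholder signature value.

```python
"""Structural gate for SAML 2.0 bearer assertions: reject anything that is
neither signed nor encrypted before it ever reaches token issuance."""
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree in production

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def check_bearer_assertion(xml_bytes: bytes) -> str:
    """Return "ok" if the assertion may proceed to cryptographic verification,
    otherwise a short rejection reason. Never "ok" for an unsigned, unencrypted one."""
    root = ET.fromstring(xml_bytes)
    if root.tag == f"{{{SAML}}}EncryptedAssertion":
        # Decryption, then signature checks on the decrypted assertion, happen later.
        if root.find(f"{{{XENC}}}EncryptedData") is None:
            return "EncryptedAssertion without EncryptedData"
        return "ok"
    if root.tag != f"{{{SAML}}}Assertion":
        return "not a SAML 2.0 assertion"
    assertion_id = root.get("ID")
    if not assertion_id:
        return "assertion has no ID"
    sig = root.find(f"{{{DS}}}Signature")  # must be a direct child of the Assertion
    if sig is None:
        return "unsigned assertion"
    refs = [r.get("URI") for r in sig.iter(f"{{{DS}}}Reference")]
    if f"#{assertion_id}" not in refs:
        return "signature does not cover this assertion"
    methods = {sc.get("Method") for sc in root.iter(f"{{{SAML}}}SubjectConfirmation")}
    if BEARER not in methods:
        return "no bearer subject confirmation"
    return "ok"


# Constructed samples (hypothetical issuer, placeholder signature value).
UNSIGNED = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
</saml:Assertion>"""
SIGNED = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
</saml:Assertion>"""
```

Passing this gate is necessary, not sufficient: the signature still has to be verified against the trusted IdP certificate before the subject is mapped to a token.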

Added: Apr 17, 2026, 1:27 AM
Updated: Apr 17, 2026, 1:27 AM

Vulnerability Rating

Custom Algorithm (score per category, higher means greater risk):

spread: 3.4
impact: 5.4
exploitability: 7.6
remediation: 7.7
relevance: 6.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.