Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:5EA2C5AAEE68B048A4F17B33C2C51420
HistoryFeb 06, 2019 - 12:00 a.m.

Cloud Foundry products uses vulnerable versions of Java | Cloud Foundry

2019-02-0600:00:00
Cloud Foundry
www.cloudfoundry.org
53

0.004 Low

EPSS

Percentile

73.8%

JSON

Severity

Critical

Vendor

Cloud Foundry

Affected Cloud Foundry Products and Versions

Severity is Critical unless otherwise noted.

  • Credhub
    • 1.7.x prior to 1.7.9
    • 1.9.x prior to 1.9.9
    • 2.1.x prior to 2.1.2
  • Java Buildpack
    • All versions prior to 4.16.1
  • Ruby Buildpack
    • All versions prior to 1.7.25
  • UAA Release
    • All versions prior to 66.0

Description

Cloud Foundry products use a vulnerable version of Java. The vulnerabilities in java and versions affected are listed in CVE-2018-3149, CVE-2018-3183, CVE-2018-3214, and CVE-2018-3180.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • Credhub: 1.7.9, 1.9.9, 2.1.2
    • Java Buildpack: 4.16.1
    • Ruby Buildpack: 1.7.25
    • UAA Release: 66.0
  • Restage any apps using the Java Buildpack or Ruby Buildpack after upgrading the buildpacks to the appropriate version.

References

History

2019-2-4: Initial vulnerability report published

Related

nessus 70
ibm 28
openvas 27
mageia 1
oraclelinux 5
amazon 4
osv 2
centos 5
redhat 17
photon 3
debian 2
ubuntu 2
aix 1
suse 2
kaspersky 1
veracode 4
prion 3
debiancve 2
alpinelinux 3
cvelist 3
ubuntucve 3
redhatcve 3
cve 3
nvd 3
f5 2
nessus
nessus
Oracle JRockit JDK R28.3.19 Multiple Vulnerabilities (October 2018 CPU)
2018-10-31 00:00:00
RHEL 7 : java-1.8.0-openjdk (RHSA-2018:2942)
2018-10-18 00:00:00
RHEL 6 : java-1.8.0-openjdk (RHSA-2018:2943)
2018-10-18 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF
2018-12-05 19:50:02
Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785)
2019-02-25 21:30:02
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor
2019-02-22 13:30:01
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2018-1386)
2020-01-23 00:00:00
CentOS Update for java CESA-2018:2942 centos7
2018-10-23 00:00:00
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2018-1416)
2020-01-23 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2018-11-03 14:55:18
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2018-10-17 00:00:00
java-1.8.0-openjdk security update
2018-10-17 00:00:00
java-1.7.0-openjdk security update
2018-11-07 00:00:00
amazon
amazon
Critical: java-1.8.0-openjdk
2018-10-25 16:14:00
Critical: java-1.8.0-openjdk
2018-11-05 19:33:00
Critical: java-1.7.0-openjdk
2018-12-06 00:28:00
osv
osv
openjdk-8 - security update
2018-10-25 00:00:00
openjdk-7 - security update
2018-11-22 00:00:00
centos
centos
java security update
2018-10-22 16:25:25
java security update
2018-10-22 14:45:40
java security update
2018-11-20 15:18:46
redhat
redhat
(RHSA-2018:2942) Critical: java-1.8.0-openjdk security update
2018-10-17 19:48:34
(RHSA-2018:2943) Critical: java-1.8.0-openjdk security update
2018-10-17 19:48:47
(RHSA-2018:3533) Critical: java-1.8.0-ibm security update
2018-11-08 22:22:18
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0192
2018-10-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0106
2018-11-02 00:00:00
Critical Photon OS Security Update - PHSA-2018-0192
2018-10-25 00:00:00
debian
debian
[SECURITY] [DSA 4326-1] openjdk-8
2018-10-25 21:22:38
[SECURITY] [DLA 1590-1] openjdk-7 security update
2018-11-22 22:14:25
ubuntu
ubuntu
OpenJDK vulnerabilities
2018-10-30 00:00:00
OpenJDK 7 vulnerabilities
2018-11-16 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2018-12-14 12:06:34
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-01-12 00:00:00
Security update for java-11-openjdk (moderate)
2018-10-19 00:10:37
kaspersky
kaspersky
KLA11340 Multiple vulnerabilities in Oracle Java SE
2018-10-16 00:00:00
veracode
veracode
Privilege Escalation
2019-05-16 03:19:25
Denial Of Service (DoS)
2019-05-16 03:19:25
Privilege Escalation
2019-05-16 03:20:34
prion
prion
Design/Logic Flaw
2018-10-17 01:31:00
Design/Logic Flaw
2018-10-17 01:31:00
Design/Logic Flaw
2018-10-17 01:31:00
debiancve
debiancve
CVE-2018-3149
2018-10-17 01:31:17
CVE-2018-3214
2018-10-17 01:31:23
alpinelinux
alpinelinux
CVE-2018-3149
2018-10-17 01:31:17
CVE-2018-3214
2018-10-17 01:31:23
CVE-2018-3183
2018-10-17 01:31:20
cvelist
cvelist
CVE-2018-3149
2018-10-17 01:00:00
CVE-2018-3214
2018-10-17 01:00:00
CVE-2018-3183
2018-10-17 01:00:00
ubuntucve
ubuntucve
CVE-2018-3149
2018-10-16 00:00:00
CVE-2018-3183
2018-10-16 00:00:00
CVE-2018-3214
2018-10-16 00:00:00
redhatcve
redhatcve
CVE-2018-3149
2020-11-29 07:58:03
CVE-2018-3214
2019-11-05 22:25:24
CVE-2018-3183
2019-11-05 22:25:22
cve
cve
CVE-2018-3214
2018-10-17 01:31:23
CVE-2018-3149
2018-10-17 01:31:17
CVE-2018-3183
2018-10-17 01:31:20
nvd
nvd
CVE-2018-3214
2018-10-17 01:31:23
CVE-2018-3149
2018-10-17 01:31:17
CVE-2018-3183
2018-10-17 01:31:20
f5
f5
K86075480 : Java SE vulnerability CVE-2018-3214
2019-01-07 00:00:00
K95003704 : Java SE vulnerability CVE-2018-3183
2019-02-01 00:00:00

0.004 Low

EPSS

Percentile

73.8%

JSON
Related for CFOUNDRY:5EA2C5AAEE68B048A4F17B33C2C51420
nessus70ibm28openvas27mageia1oraclelinux5amazon4osv2centos5redhat17photon3debian2ubuntu2aix1suse2kaspersky1veracode4prion3debiancve2alpinelinux3cvelist3ubuntucve3redhatcve3cve3nvd3f52