EPSS Percentile: 31.5%
Cloud Foundry UAA is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because the OAuth2 state parameter is not validated in the callback function when authenticating with external identity providers.
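The missing check, shown as an added Python example rather than UAA's own code: a callback that ignores `state` next to one that binds it to the session that started the login. The function names, the dict standing in for a server-side session, and the `idp.example` URL are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode


class StateError(Exception):
    """The callback's state is absent or does not belong to this session."""


def begin_login(session: dict, authorize_url: str, client_id: str) -> str:
    """Mint an unguessable state, bind it to the session, build the redirect."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # stored server-side, tied to this browser
    query = urlencode(
        {"response_type": "code", "client_id": client_id, "state": state}
    )
    return f"{authorize_url}?{query}"


def callback_unchecked(session: dict, params: dict) -> str:
    """Flawed pattern: the code is accepted no matter which session began the flow."""
    return params["code"]


def callback_checked(session: dict, params: dict) -> str:
    """Hardened pattern: state must be present, match this session, and be used once."""
    expected = session.pop("oauth_state", None)  # pop makes the value single use
    received = params.get("state")
    if not expected or not received:
        raise StateError("missing state")
    # Constant-time comparison of the issued and returned values.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateError("state mismatch")
    return params["code"]


def rejected(session: dict, params: dict) -> bool:
    """Helper for the demo: True when the hardened callback refuses the request."""
    try:
        callback_checked(session, params)
    except StateError:
        return True
    return False
```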
www.cloudfoundry.org/blog/cve-2020-5402