
Pivotal — Vulnerabilities & Security Advisories 65

Browse all 65 CVE security advisories affecting Pivotal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pivotal, now part of VMware, primarily develops cloud-native application platforms and container management solutions, enabling enterprises to deploy and scale microservices. Historically, its software stack has exhibited vulnerabilities typical of complex Java-based enterprise systems, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insecure default configurations, improper input validation, or outdated dependencies within its core platform components. While specific major public breaches directly attributed to Pivotal’s infrastructure are rare, the high volume of recorded CVEs indicates persistent challenges in securing its extensive codebase against exploitation. Security assessments frequently highlight the need for rigorous patch management and strict access controls to mitigate risks associated with its container orchestration tools. The organization’s security posture relies heavily on timely updates to address these recurring architectural weaknesses in its cloud infrastructure offerings.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2020-5409 | Concourse Open Redirect in the /sky/login endpoint | Concourse | CWE-601 | 6.1 | - | 2020-05-13 |
| CVE-2020-5406 | PCF Autoscaling logs its database credentials | VMware Tanzu Application Service for VMs | CWE-522 | 8.8 | - | 2020-04-10 |
| CVE-2020-5403 | DoS Via Malformed URL with Reactor Netty HTTP Server | Reactor Netty | CWE-20 | 7.5 | - | 2020-03-03 |
| CVE-2020-5404 | Authentication Leak On Redirect With Reactor Netty HttpClient | Reactor Netty | CWE-522 | 7.1 | - | 2020-03-03 |
| CVE-2019-11288 | tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation | Pivotal tc Server 4.x | CWE-269 | 7.1 | - | 2020-01-27 |
| CVE-2013-6430 | Pivotal Software Spring Framework 'JavaScriptUtils.javaScriptEscape()' method cross-site scripting vulnerability | Spring MVC | | 5.4 | - | 2020-01-10 |
| CVE-2019-11292 | Pivotal Ops Manager logs query parameters in tomcat access file | Pivotal Ops Manager | CWE-532 | 6.5 | - | 2020-01-08 |
| CVE-2019-11287 | RabbitMQ Web Management Plugin DoS via heap overflow | RabbitMQ for Pivotal Platform | CWE-400 | 7.5 | - | 2019-11-22 |
| CVE-2019-11291 | RabbitMQ XSS attack via federation and shovel endpoints | RabbitMQ | CWE-79 | 4.8 | - | 2019-11-22 |
| CVE-2019-11284 | Reactor Netty authentication leak in redirects | Reactor Netty | CWE-522 | 7.5 | - | 2019-10-17 |
| CVE-2019-11281 | RabbitMQ XSS attack | RabbitMQ | CWE-79 | 4.8 | - | 2019-10-16 |
| CVE-2019-11275 | CSV Injection in usage report downloaded from Pivotal Application Manager | Apps Manager | CWE-74 | 3.5 | - | 2019-10-01 |
| CVE-2019-11280 | Privilege escalation through the invitations service | Pivotal Application Service (PAS) | CWE-269 | 8.8 | - | 2019-09-20 |
| CVE-2019-11276 | Apps Manager sends tokens to Spring apps via HTTP | Pivotal Application Service (PAS) | CWE-319 | 8.2 | - | 2019-08-19 |
| CVE-2019-11273 | PKS Telemetry logs credentials | Pivotal Container Service (PKS) | CWE-532 | 4.3 | - | 2019-07-23 |
| CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | Pivotal Ops Manager | CWE-324 | 4.3 | - | 2019-06-06 |
| CVE-2019-3793 | Invitations Service supports HTTP connections | Apps Manager | CWE-300 | 9.8 | - | 2019-04-24 |
| CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | Concourse | CWE-89 | 7.5 | - | 2019-04-01 |
| CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | Apps Manager | CWE-295 | 9.1 | - | 2019-03-07 |
| CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | Pivotal Ops Manager | CWE-79 | 6.1 | - | 2019-03-07 |
| CVE-2019-3803 | Concourse includes token in CLI authentication callback | Concourse | CWE-200 | 7.5 | - | 2019-01-12 |
| CVE-2018-15798 | Pivotal Concourse allows malicious redirect urls on login | Concourse | | 5.4 | - | 2018-12-19 |
| CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | RabbitMq for PCF | | 9.1 | - | 2018-12-10 |
| CVE-2018-15759 | On Demand Services SDK Timing Attack Vulnerability | On Demand Services SDK | | 9.8 | - | 2018-11-19 |
| CVE-2018-15758 | Privilege Escalation in spring-security-oauth2 | Spring Security OAuth | | 7.5 | - | 2018-10-18 |
| CVE-2018-15756 | DoS Attack via Range Requests | Spring framework | | 8.2 | - | 2018-10-18 |
| CVE-2018-15763 | PKS leaks IaaS Credentials to Application Logs | Pivotal Container Service | | 8.8 | - | 2018-10-05 |
| CVE-2018-11081 | Pivotal Operations Manager UAA config - temp Ram Disk | pivotal-ops-manager | | 8.8 | - | 2018-10-05 |
| CVE-2018-1198 | Pivotal Cloud Cache security vulnerability | Cloud Cache | | 8.8 | - | 2018-09-17 |
| CVE-2018-11088 | Pivotal Application Service Pivotal Applications Manager security vulnerability | Application Service | | 8.8 | - | 2018-09-17 |

This page lists every published CVE security advisory associated with Pivotal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.