CVE-2019-3794
18.07.2019, 16:15
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.Enginsight
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | cloud_foundry_uaa | 𝑥 < 73.4.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-1021 - Improper Restriction of Rendered UI Layers or FramesThe web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.