PT-2019-12221 · Cloud Foundry · Cloud Foundry Uaa

Published: 2019-08-09 · Updated: 2023-03-31 · CVE-2019-11274

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cloud Foundry UAA versions prior to 74.0.0

Description

The issue allows a remote unauthenticated malicious attacker to craft a URL that contains a SCIM filter with malicious JavaScript. This JavaScript may be executed by older browsers, leading to an XSS attack.

Recommendations

For versions prior to 74.0.0, update to version 74.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SCIM filter functionality until a patch is applied. Avoid using older browsers that may execute malicious JavaScript in the affected URL.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-11274

Affected Products

Cloud Foundry Uaa