pivotal_software

cloudfoundry_uaa_release

2 known vulnerabilities · sorted by CVSS score

CVE-2018-15761

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.

pivotal_software / cloud_foundry_uaa+1

Network

Published Nov 19, 2018

CVE-2018-11082

MEDIUM6.6

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.

pivotal_software / cloudfoundry_uaa+1

Network

Published Oct 5, 2018