Vulnerability Details CVE-2018-11041
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.
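The weakness described above is a classic open redirect: the post-login destination is taken from a form parameter without checking that it points back into the UAA site. The Python below is an added example written for this page, not UAA's own code (UAA is a Java application) and not a reproduction of the actual fix. It places the flawed pattern next to a hardened check that only allows a rooted same-origin path or an https URL on the expected host, and it rejects the usual bypasses (protocol-relative `//`, backslash and triple-slash variants, `user@host` prefixes, look-alike subdomains, non-https schemes, control characters). The parameter name `form_redirect`, the host `uaa.example.com` and the probe values are assumptions constructed for illustration; the real parameter name is not given on this page.

```python
from typing import Optional
from urllib.parse import urlsplit


def vulnerable_redirect_target(form_redirect: Optional[str], default: str = "/") -> str:
    """The flawed pattern the advisory describes: the post-login destination is
    taken straight from a form parameter, so an attacker who gets a victim to
    submit the login form with an absolute URL in it controls where the
    browser lands after a successful login."""
    return form_redirect or default


def safe_redirect_target(form_redirect: Optional[str], allowed_host: str,
                         default: str = "/") -> str:
    """Hardened replacement: accept only a rooted path on the current origin or
    an https URL whose host is exactly `allowed_host` (assumed: UAA is served
    over https); fall back to `default` for everything else. Bypass tricks are
    rejected rather than cleaned up."""
    if not form_redirect:
        return default

    # Browsers strip C0 control characters and spaces before parsing, so
    # "java\tscript:" would turn into "javascript:". Refuse them outright;
    # a legitimate value percent-encodes such characters.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in form_redirect):
        return default

    # In the authority position browsers read "\" as "/", so "/\evil.example"
    # and "///evil.example" both mean "//evil.example". Normalise, then refuse
    # anything protocol-relative.
    candidate = form_redirect.replace("\\", "/")
    if candidate.startswith("//"):
        return default

    try:
        parts = urlsplit(candidate)
        host = parts.hostname          # lower-cased, userinfo and port stripped
        userinfo = parts.username is not None or parts.password is not None
    except ValueError:                 # e.g. malformed IPv6 literal
        return default

    if not parts.scheme and not parts.netloc:
        # Same-origin path such as "/profile?tab=1". Values that are not
        # rooted ("profile", "?x", "#frag") are not worth the ambiguity.
        return candidate if candidate.startswith("/") else default

    # Absolute URL: exact scheme and host match, and no "user@" prefix, which
    # is how "https://uaa.example.com@evil.example/" hides its real host.
    if parts.scheme != "https" or userinfo or host != allowed_host.lower():
        return default
    return candidate


# Constructed probe values for illustration; none of them comes from the advisory.
PROBES = [
    "/profile",
    "https://uaa.example.com/profile",
    "https://evil.example/",
    "//evil.example",
    "/\\evil.example",
    "///evil.example",
    "https://uaa.example.com@evil.example/",
    "https://uaa.example.com.evil.example/",
    "javascript:alert(1)",
    "\t//evil.example",
]

if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe!r:42} vulnerable -> {vulnerable_redirect_target(probe)!r:42} "
              f"hardened -> {safe_redirect_target(probe, 'uaa.example.com')!r}")
```

The important design choice is the order of the checks: backslash normalisation and the `//` refusal happen before `urlsplit`, because Python's parser treats `///evil.example` as a path while browsers treat it as a host. Comparing `hostname` rather than `netloc` is what defeats the `user@host` and port variants.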
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
Products affected by CVE-2018-11041
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:50
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:51
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.10
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.4
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.5
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.6
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.7
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.8
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.3
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:54
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:55
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:55.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:56
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.3
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.4
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:59
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.10.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.10.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.11.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.3
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.4
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.3
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.4
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.14.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.15.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.16.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.17.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.18.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.6.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.7.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.7.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.7.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.7.3
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.7.4
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.7.6
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.8.0
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.8.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.8.2
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.8.3
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.9.0
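The affected ranges in the description ("later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5", and "later than v48 and prior to v60 except v55.1 and v52.9") are open intervals with patched point releases carved out, and the product list above is the enumerated form of the same ranges. The Python below is an added example, not part of this page or of the UAA project, that encodes those ranges so an operator can test the version of a deployed UAA or uaa-release, and that parses CPE strings in the form the list uses (note the list truncates each string after the version field; full 13-field strings parse the same way). The sample entries are copied from the list above, plus a few constructed boundary versions (4.6.0, 4.10.1, 4.19.0, v52.9, v60) that lie outside the stated ranges.

```python
from typing import Dict, List, NamedTuple, Set, Tuple

Version = Tuple[int, ...]


class Range(NamedTuple):
    after: Version          # exclusive lower bound ("later than")
    before: Version         # exclusive upper bound ("prior to")
    excluded: Set[Version]  # patched point releases carved out by "except"


def parse_version(text: str) -> Version:
    """'v52.9' -> (52, 9); '4.13.2' -> (4, 13, 2). Tuples compare the way
    release numbers are read, so 52.10 > 52.9 (string comparison would not)."""
    body = text[1:] if text.startswith("v") else text
    try:
        return tuple(int(part) for part in body.split("."))
    except ValueError as exc:
        raise ValueError(f"non-numeric version component in {text!r}") from exc


# The ranges exactly as the CVE description states them, keyed by the CPE
# product field used in the list above.
AFFECTED: Dict[str, Range] = {
    "cloud_foundry_uaa": Range(
        parse_version("4.6.0"), parse_version("4.19.0"),
        {parse_version("4.10.1"), parse_version("4.7.5")}),
    "cloud_foundry_uaa-release": Range(
        parse_version("v48"), parse_version("v60"),
        {parse_version("v55.1"), parse_version("v52.9")}),
}


def is_affected(product: str, version: str) -> bool:
    """True when `version` of `product` falls inside the advisory's range and
    is not one of the excluded patched releases. Unknown products raise rather
    than silently reading as 'not affected'."""
    if product not in AFFECTED:
        raise ValueError(f"no affected range known for product {product!r}")
    rng = AFFECTED[product]
    v = parse_version(version)
    return rng.after < v < rng.before and v not in rng.excluded


def parse_cpe(cpe: str) -> Tuple[str, str, str]:
    """Split a CPE 2.3 formatted string into (vendor, product, version).
    Works for the truncated 6-field form used on this page and for full
    13-field strings; escaped colons inside fields are not handled."""
    fields = cpe.strip().split(":")
    if len(fields) < 6 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return fields[3], fields[4], fields[5]


def check_cpes(cpes: List[str]) -> Dict[str, bool]:
    """Map each CPE string to whether the description's range covers it."""
    result = {}
    for cpe in cpes:
        _vendor, product, version = parse_cpe(cpe)
        result[cpe] = is_affected(product, version)
    return result


def not_affected_entries(cpes: List[str]) -> List[str]:
    """Consistency check: entries that the stated range says are NOT affected.
    Run over the page's list this should come back empty."""
    return [cpe for cpe, hit in check_cpes(cpes).items() if not hit]


# Copied from the list above plus constructed boundary versions (marked).
SAMPLE_CPES = [
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.10",
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:55.2",
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.6.1",
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.10.2",
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.9",   # constructed: excluded
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:v60",    # constructed: upper bound
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.6.0",          # constructed: lower bound
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.10.1",         # constructed: excluded
    "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.19.0:*:*:*:*:*:*:*",  # constructed: full form
]

if __name__ == "__main__":
    for cpe, hit in check_cpes(SAMPLE_CPES).items():
        print(f"{'AFFECTED' if hit else 'ok      '}  {cpe}")
```

Because both bounds are exclusive, 4.6.0 and 4.19.0 (and v48 and v60) come back as not affected, which matches the list above starting at 4.6.1 and stopping at 59. Version tuples rather than strings matter for uaa-release, where 52.10 must sort after 52.9.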