CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.5%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

https://pivotal.io/security/cve-2018-1256
https://pivotal.io/security/cve-2018-1256

Products affected by CVE-2018-1256

Vmware » Spring Cloud Sso Connector » Version: 2.1.2

cpe:2.3:a:vmware:spring_cloud_sso_connector:2.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1256

Products

Pricing

Contact Us