CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15754

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.7%

CVSS Severity

CVSS v3 Score 4.2

CVSS v2 Score 4.0

References

Products affected by CVE-2018-15754

Pivotal Software » Cloud Foundry Uaa-Release » Version: 60.2

cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:60.2
Pivotal Software » Cloud Foundry Uaa-Release » Version: 61.0

cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:61.0
Pivotal Software » Cloud Foundry Uaa-Release » Version: 62.0

cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:62.0
Pivotal Software » Cloud Foundry Uaa-Release » Version: 63.0

cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:63.0
Pivotal Software » Cloud Foundry Uaa-Release » Version: 64.0

cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:64.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15754

Products

Pricing

Contact Us