CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15759

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.8%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 5.0

References

Products affected by CVE-2018-15759

Pivotal Software » Broker Api » Version: 1.0.0

cpe:2.3:a:pivotal_software:broker_api:1.0.0
Pivotal Software » Broker Api » Version: 2.0.0

cpe:2.3:a:pivotal_software:broker_api:2.0.0
Pivotal Software » Broker Api » Version: 2.0.1

cpe:2.3:a:pivotal_software:broker_api:2.0.1
Pivotal Software » Broker Api » Version: 2.0.2

cpe:2.3:a:pivotal_software:broker_api:2.0.2
Pivotal Software » Broker Api » Version: 2.0.3

cpe:2.3:a:pivotal_software:broker_api:2.0.3
Pivotal Software » Broker Api » Version: 2.0.4

cpe:2.3:a:pivotal_software:broker_api:2.0.4
Pivotal Software » Broker Api » Version: 2.0.5

cpe:2.3:a:pivotal_software:broker_api:2.0.5
Pivotal Software » Broker Api » Version: 3.0.0

cpe:2.3:a:pivotal_software:broker_api:3.0.0
Pivotal Software » Broker Api » Version: 3.0.1

cpe:2.3:a:pivotal_software:broker_api:3.0.1
Pivotal Software » On Demand Services Sdk » Version: 0.10.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.10.0
Pivotal Software » On Demand Services Sdk » Version: 0.10.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.10.1
Pivotal Software » On Demand Services Sdk » Version: 0.11.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.11.0
Pivotal Software » On Demand Services Sdk » Version: 0.12.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.12.0
Pivotal Software » On Demand Services Sdk » Version: 0.12.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.12.1
Pivotal Software » On Demand Services Sdk » Version: 0.12.3

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.12.3
Pivotal Software » On Demand Services Sdk » Version: 0.12.4

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.12.4
Pivotal Software » On Demand Services Sdk » Version: 0.13.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.13.0
Pivotal Software » On Demand Services Sdk » Version: 0.14.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.14.0
Pivotal Software » On Demand Services Sdk » Version: 0.14.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.14.1
Pivotal Software » On Demand Services Sdk » Version: 0.15.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.15.0
Pivotal Software » On Demand Services Sdk » Version: 0.15.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.15.1
Pivotal Software » On Demand Services Sdk » Version: 0.15.2

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.15.2
Pivotal Software » On Demand Services Sdk » Version: 0.15.3

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.15.3
Pivotal Software » On Demand Services Sdk » Version: 0.16.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.16.0
Pivotal Software » On Demand Services Sdk » Version: 0.16.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.16.1
Pivotal Software » On Demand Services Sdk » Version: 0.17.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.17.0
Pivotal Software » On Demand Services Sdk » Version: 0.17.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.17.1
Pivotal Software » On Demand Services Sdk » Version: 0.17.2

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.17.2
Pivotal Software » On Demand Services Sdk » Version: 0.17.3

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.17.3
Pivotal Software » On Demand Services Sdk » Version: 0.18.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.18.0
Pivotal Software » On Demand Services Sdk » Version: 0.19.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.19.0
Pivotal Software » On Demand Services Sdk » Version: 0.20.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.20.0
Pivotal Software » On Demand Services Sdk » Version: 0.21.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.21.0
Pivotal Software » On Demand Services Sdk » Version: 0.21.1

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.21.1
Pivotal Software » On Demand Services Sdk » Version: 0.21.2

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.21.2
Pivotal Software » On Demand Services Sdk » Version: 0.22.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.22.0
Pivotal Software » On Demand Services Sdk » Version: 0.23.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.23.0
Pivotal Software » On Demand Services Sdk » Version: 0.3.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.3.0
Pivotal Software » On Demand Services Sdk » Version: 0.4.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.4.0
Pivotal Software » On Demand Services Sdk » Version: 0.5.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.5.0
Pivotal Software » On Demand Services Sdk » Version: 0.6.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.6.0
Pivotal Software » On Demand Services Sdk » Version: 0.7.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.7.0
Pivotal Software » On Demand Services Sdk » Version: 0.8.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.8.0
Pivotal Software » On Demand Services Sdk » Version: 0.9.0

cpe:2.3:a:pivotal_software:on_demand_services_sdk:0.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15759

Products

Pricing

Contact Us