CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15795

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.3%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

http://www.securityfocus.com/bid/105915
https://pivotal.io/security/cve-2018-15795
http://www.securityfocus.com/bid/105915
https://pivotal.io/security/cve-2018-15795

Products affected by CVE-2018-15795

Pivotal Software » Credhub Service Broker » Version: 1.0.0

cpe:2.3:a:pivotal_software:credhub_service_broker:1.0.0
Pivotal Software » Credhub Service Broker » Version: 1.0.1

cpe:2.3:a:pivotal_software:credhub_service_broker:1.0.1
Pivotal Software » Credhub Service Broker » Version: 1.0.2

cpe:2.3:a:pivotal_software:credhub_service_broker:1.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15795

Products

Pricing

Contact Us