Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloudfoundry_uaa_release
(Pivotal_software)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-11-19 | CVE-2018-15761 | Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. | Cloud_foundry_uaa, Cloudfoundry_uaa_release | 8.8 | ||
| 2018-10-05 | CVE-2018-11082 | Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. | Cloudfoundry_uaa, Cloudfoundry_uaa_release | 9.8 |