Filtered by vendor Pivotal Software
Subscribe
Filtered by product Cloudfoundry Uaa Release
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15761 | 1 Pivotal Software | 2 Cloud Foundry Uaa, Cloudfoundry Uaa Release | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. | |||||
CVE-2018-11082 | 1 Pivotal Software | 2 Cloudfoundry Uaa, Cloudfoundry Uaa Release | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. |