HIGH🇬🇧 English

CVE-2018-1192

CVSS 8.8v3.0pub. 2018-02-01upd. 2024-11-21

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Pivotal Software Cloud Foundry Cf Deployment

    APP
    Pivotal Software
    < 1.7
  • Pivotal Software Cloud Foundry Cf Release

    APP
    Pivotal Software
    < 285
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    4.8.0 – 4.8.3 (bez)4.5.0 – 4.5.5 (bez)4.7.0 – 4.7.4 (bez)
  • Pivotal Software Cloud Foundry Uaa Release

    APP
    Pivotal Software
    45.752.753.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2017-4992CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...

CVE-2016-6637CRITICAL9.6ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x ...