CVE-2018-11088 — Application Service vulnerability

3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 45.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Application Service Pivotal Software Pivotal Application Service

Timeline

PublishedSep 17

Latest updateMay 13

Description

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5pivotal/application_service2.0 — 2.0.21+2

▶NVDpivotal_software/pivotal_application_service2.0.0 — 2.0.21+2

🔴Vulnerability Details

GHSA

GHSA-vvcj-h4gm-hfrg: Pivotal Applications Manager in Pivotal Application Service, versions 2↗2022-05-13

▶

CVEList

CVE-2018-11088: Pivotal Applications Manager in Pivotal Application Service, versions 2↗2018-09-17

▶