CVE-2018-1200 — Sensitive Information Exposure in Software Pivotal Application Service

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 40.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Pivotal Application Service Dell EMC Apps Manager FOR PCF

Timeline

PublishedMar 16

Latest updateMay 14

Description

Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDpivotal_software/pivotal_application_service1.11.0 — 1.11.26+2

▶CVEListV5dell_emc/apps_manager_for_pcfPivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected.

🔴Vulnerability Details

GHSA

GHSA-fw72-gg7h-4j2v: Apps Manager for PCF (Pivotal Application Service 1↗2022-05-14

▶

CVEList

CVE-2018-1200: Apps Manager for PCF (Pivotal Application Service 1↗2018-03-16

▶

💥Exploits & PoCs

Exploit-DB

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting↗2018-05-22

▶

Exploit-DB

Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery↗2018-05-21

▶