CVE-2018-15754
Published 2018-12-13
Priority: P3 50 | high | 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.78% (75.5th percentile)
Cloud Foundry UAA, versions 60 prior to 66.0, contains an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud_foundry | uaa_release | >= 60 < 66.0 | 66.0 |
| pivotal_software | cloud_foundry_uaa-release | >= 60.0 < 66.0 | 66.0 |
CVSS provenance
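| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |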
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.