Vulnerabilities > CVE-2018-11082 - Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Cloudfoundry UAA Release

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pivotal-software

CWE-307

critical

NVD

Published: 2018-10-05

Updated: 2019-10-09

Summary

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloudfoundry UAA Release 2 Pivotal Software Cloudfoundry UAA Release 3 Pivotal Software Cloudfoundry UAA Release 4 Pivotal Software Cloudfoundry UAA Release 5 Pivotal Software Cloudfoundry UAA Release 6 Pivotal Software Cloudfoundry UAA Release 7 Pivotal Software Cloudfoundry UAA Release 8 Pivotal Software Cloudfoundry UAA Release 9 Pivotal Software Cloudfoundry UAA Release 10 Pivotal Software Cloudfoundry UAA Release 11 Pivotal Software Cloudfoundry UAA Release 11.1 Pivotal Software Cloudfoundry UAA Release 11.2 Pivotal Software Cloudfoundry UAA Release 11.3 Pivotal Software Cloudfoundry UAA Release 11.4 Pivotal Software Cloudfoundry UAA Release 11.5 Pivotal Software Cloudfoundry UAA Release 11.7 Pivotal Software Cloudfoundry UAA Release 12 Pivotal Software Cloudfoundry UAA Release 12.1 Pivotal Software Cloudfoundry UAA Release 12.2 Pivotal Software Cloudfoundry UAA Release 12.3 Pivotal Software Cloudfoundry UAA Release 12.4 Pivotal Software Cloudfoundry UAA Release 12.5 Pivotal Software Cloudfoundry UAA Release 12.6 Pivotal Software Cloudfoundry UAA Release 13 Pivotal Software Cloudfoundry UAA Release 13.1 Pivotal Software Cloudfoundry UAA Release 13.2 Pivotal Software Cloudfoundry UAA Release 13.3 Pivotal Software Cloudfoundry UAA Release 13.4 Pivotal Software Cloudfoundry UAA Release 13.5 Pivotal Software Cloudfoundry UAA Release 13.6 Pivotal Software Cloudfoundry UAA Release 13.7 Pivotal Software Cloudfoundry UAA Release 13.8 Pivotal Software Cloudfoundry UAA Release 13.9 Pivotal Software Cloudfoundry UAA Release 13.10 Pivotal Software Cloudfoundry UAA Release 13.11 Pivotal Software Cloudfoundry UAA Release 13.12 Pivotal Software Cloudfoundry UAA Release 13.13 Pivotal Software Cloudfoundry UAA Release 13.14 Pivotal Software Cloudfoundry UAA Release 13.15 Pivotal Software Cloudfoundry UAA Release 13.16 Pivotal Software Cloudfoundry UAA Release 13.17 Pivotal Software Cloudfoundry UAA Release 13.18 Pivotal Software Cloudfoundry UAA Release 14 Pivotal Software Cloudfoundry UAA Release 15 Pivotal Software Cloudfoundry UAA Release 16 Pivotal Software Cloudfoundry UAA Release 17 Pivotal Software Cloudfoundry UAA Release 18 Pivotal Software Cloudfoundry UAA Release 19 Pivotal Software Cloudfoundry UAA Release 20 Pivotal Software Cloudfoundry UAA Release 21 Pivotal Software Cloudfoundry UAA Release 22 Pivotal Software Cloudfoundry UAA Release 23 Pivotal Software Cloudfoundry UAA Release 24 Pivotal Software Cloudfoundry UAA Release 24.1 Pivotal Software Cloudfoundry UAA Release 24.2 Pivotal Software Cloudfoundry UAA Release 24.3 Pivotal Software Cloudfoundry UAA Release 24.4 Pivotal Software Cloudfoundry UAA Release 24.5 Pivotal Software Cloudfoundry UAA Release 24.6 Pivotal Software Cloudfoundry UAA Release 24.7 Pivotal Software Cloudfoundry UAA Release 24.8 Pivotal Software Cloudfoundry UAA Release 24.9 Pivotal Software Cloudfoundry UAA Release 24.10 Pivotal Software Cloudfoundry UAA Release 24.11 Pivotal Software Cloudfoundry UAA Release 24.12 Pivotal Software Cloudfoundry UAA Release 24.13 Pivotal Software Cloudfoundry UAA Release 24.14 Pivotal Software Cloudfoundry UAA Release 25 Pivotal Software Cloudfoundry UAA Release 26 Pivotal Software Cloudfoundry UAA Release 27 Pivotal Software Cloudfoundry UAA Release 28 Pivotal Software Cloudfoundry UAA Release 29 Pivotal Software Cloudfoundry UAA Release 30 Pivotal Software Cloudfoundry UAA Release 30.1 Pivotal Software Cloudfoundry UAA Release 30.2 Pivotal Software Cloudfoundry UAA Release 30.3 Pivotal Software Cloudfoundry UAA Release 30.4 Pivotal Software Cloudfoundry UAA Release 30.5 Pivotal Software Cloudfoundry UAA Release 30.6 Pivotal Software Cloudfoundry UAA Release 30.7 Pivotal Software Cloudfoundry UAA Release 30.8 Pivotal Software Cloudfoundry UAA Release 30.9 Pivotal Software Cloudfoundry UAA Release 31 Pivotal Software Cloudfoundry UAA Release 32 Pivotal Software Cloudfoundry UAA Release 33 Pivotal Software Cloudfoundry UAA Release 34 Pivotal Software Cloudfoundry UAA Release 34.1 Pivotal Software Cloudfoundry UAA Release 34.2 Pivotal Software Cloudfoundry UAA Release 34.3 Pivotal Software Cloudfoundry UAA Release 35 Pivotal Software Cloudfoundry UAA Release 36 Pivotal Software Cloudfoundry UAA Release 37 Pivotal Software Cloudfoundry UAA Release 38 Pivotal Software Cloudfoundry UAA Release 39 Pivotal Software Cloudfoundry UAA Release 40 Pivotal Software Cloudfoundry UAA Release 41 Pivotal Software Cloudfoundry UAA Release 41.1 Pivotal Software Cloudfoundry UAA Release 43 Pivotal Software Cloudfoundry UAA Release 44 Pivotal Software Cloudfoundry UAA Release 45 Pivotal Software Cloudfoundry UAA Release 45.1 Pivotal Software Cloudfoundry UAA Release 45.2 Pivotal Software Cloudfoundry UAA Release 45.3 Pivotal Software Cloudfoundry UAA Release 45.4 Pivotal Software Cloudfoundry UAA Release 45.5 Pivotal Software Cloudfoundry UAA Release 45.6 Pivotal Software Cloudfoundry UAA Release 45.7 Pivotal Software Cloudfoundry UAA Release 45.8 Pivotal Software Cloudfoundry UAA Release 45.9 Pivotal Software Cloudfoundry UAA Release 45.10 Pivotal Software Cloudfoundry UAA Release 45.11 Pivotal Software Cloudfoundry UAA Release 48 Pivotal Software Cloudfoundry UAA Release 50 Pivotal Software Cloudfoundry UAA Release 51 Pivotal Software Cloudfoundry UAA Release 52 Pivotal Software Cloudfoundry UAA Release 52.1 Pivotal Software Cloudfoundry UAA Release 52.2 Pivotal Software Cloudfoundry UAA Release 52.4 Pivotal Software Cloudfoundry UAA Release 52.5 Pivotal Software Cloudfoundry UAA Release 52.6 Pivotal Software Cloudfoundry UAA Release 52.7 Pivotal Software Cloudfoundry UAA Release 52.8 Pivotal Software Cloudfoundry UAA Release 52.9 Pivotal Software Cloudfoundry UAA Release 52.10 Pivotal Software Cloudfoundry UAA Release 53 Pivotal Software Cloudfoundry UAA Release 53.1 Pivotal Software Cloudfoundry UAA Release 53.2 Pivotal Software Cloudfoundry UAA Release 53.3 Pivotal Software Cloudfoundry UAA Release 54 Pivotal Software Cloudfoundry UAA Release 55 Pivotal Software Cloudfoundry UAA Release 55.1 Pivotal Software Cloudfoundry UAA Release 55.2 Pivotal Software Cloudfoundry UAA Release 56 Pivotal Software Cloudfoundry UAA Release 57 Pivotal Software Cloudfoundry UAA Release 57.1 Pivotal Software Cloudfoundry UAA Release 57.2 Pivotal Software Cloudfoundry UAA Release 57.3 Pivotal Software Cloudfoundry UAA Release 57.4 Pivotal Software Cloudfoundry UAA Release 58 Pivotal Software Cloudfoundry UAA Release 58.1 Pivotal Software Cloudfoundry UAA Release 59 Pivotal Software Cloudfoundry UAA Release 60 Pivotal Software Cloudfoundry UAA Release 60.2 Pivotal Software Cloudfoundry UAA 2.3.0 Pivotal Software Cloudfoundry UAA 2.3.1 Pivotal Software Cloudfoundry UAA 2.4.0 Pivotal Software Cloudfoundry UAA 2.5.1 Pivotal Software Cloudfoundry UAA 2.6.1 Pivotal Software Cloudfoundry UAA 2.7.0.2 Pivotal Software Cloudfoundry UAA 2.7.0.3 Pivotal Software Cloudfoundry UAA 2.7.1 Pivotal Software Cloudfoundry UAA 2.7.2 Pivotal Software Cloudfoundry UAA 2.7.3 Pivotal Software Cloudfoundry UAA 2.7.4.6 Pivotal Software Cloudfoundry UAA 3.0.0 Pivotal Software Cloudfoundry UAA 3.0.1 Pivotal Software Cloudfoundry UAA 3.1.0 Pivotal Software Cloudfoundry UAA 3.2.0 Pivotal Software Cloudfoundry UAA 3.2.1 Pivotal Software Cloudfoundry UAA 3.3.0 Pivotal Software Cloudfoundry UAA 3.3.0.1 Pivotal Software Cloudfoundry UAA 3.4.0 Pivotal Software Cloudfoundry UAA 3.4.1 Pivotal Software Cloudfoundry UAA 3.4.2 Pivotal Software Cloudfoundry UAA 4.5.7 Pivotal Software Cloudfoundry UAA 4.7.6 Pivotal Software Cloudfoundry UAA 4.10.2 Pivotal Software Cloudfoundry UAA 4.12.3 Pivotal Software Cloudfoundry UAA 4.12.4 Pivotal Software Cloudfoundry UAA 4.19.2	170

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.cloudfoundry.org/blog/cve-2018-11082/