Vulnerabilities > CVE-2018-15754 - Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pivotal-software

CWE-863

NVD

Published: 2018-12-13

Updated: 2019-10-09

Summary

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloud Foundry UAA Release 60.2 Pivotal Software Cloud Foundry UAA Release 61.0 Pivotal Software Cloud Foundry UAA Release 62.0 Pivotal Software Cloud Foundry UAA Release 63.0 Pivotal Software Cloud Foundry UAA Release 64.0	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References