Filtered by vendor Pivotal Software
Subscriptions
Filtered by product Cloudfoundry Uaa Release
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-15761 | 1 Pivotal Software | 2 Cloud Foundry Uaa, Cloudfoundry Uaa Release | 2024-11-21 | N/A |
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. | ||||
CVE-2018-11082 | 1 Pivotal Software | 2 Cloudfoundry Uaa, Cloudfoundry Uaa Release | 2024-11-21 | N/A |
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. |
Page 1 of 1.