Filtered by vendor Pivotal Software Subscriptions
Filtered by product Cloudfoundry Uaa Release Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-15761 1 Pivotal Software 2 Cloud Foundry Uaa, Cloudfoundry Uaa Release 2024-11-21 N/A
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
CVE-2018-11082 1 Pivotal Software 2 Cloudfoundry Uaa, Cloudfoundry Uaa Release 2024-11-21 N/A
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.