Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-1192

Published: 01/02/2018 Updated: 28/02/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Pivotal Software

Vulnerability Summary

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions before 4.5.5, 4.8.x versions before 4.8.3, and 4.7.x versions before 4.7.4; and UAA-release 45.7.x versions before 45.7, 52.7.x versions before 52.7, and 53.3.x versions before 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

Vulnerable Product Search on Vulmon Subscribe to Product

pivotal software cloud foundry uaa

pivotal software cloud foundry uaa-release 53.3

pivotal software cloud foundry uaa-release 52.7

pivotal software cloud foundry uaa-release 45.7

pivotal software cloud foundry cf-release

pivotal software cloud foundry cf-deployment

References

CWE-200https://www.cloudfoundry.org/blog/cve-2018-1192/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook