Pivotal Cloud Foundry On Demand Services SDK, versions before 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal software broker api |
||
pivotal software on demand services sdk |