CVE-2018-1190

2018-01-0406:00:00

dell

www.cve.org

EPSS

0.001

Percentile

40.7%

JSON

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.

CNA Affected

[
  {
    "product": "Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102427

www.cloudfoundry.org/cve-2018-1190/

EPSS

0.001

Percentile

40.7%

JSON

Related for CVELIST:CVE-2018-1190