Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-FM5C-2RWC-887W
HistoryMay 13, 2022 - 1:07 a.m.

Cloud Foundry UAA reset password vulnerable to brute force attack

2022-05-1301:07:24
GitHub Advisory Database
github.com
11
cloud foundry
uaa
reset password
brute force attack
vulnerability
saml
ldap
authentication
elastic runtime

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Affected configurations

Vulners
Node
org.cloudfoundry.identitycloudfoundry-identity-serverRange<3.3.0.1
VendorProductVersionCPE
org.cloudfoundry.identitycloudfoundry-identity-server*cpe:2.3:a:org.cloudfoundry.identity:cloudfoundry-identity-server:*:*:*:*:*:*:*:*

Related

osv 2
nvd 1
cve 1
prion 1
cvelist 1
cloudfoundry 1
osv
osv
Cloud Foundry UAA reset password vulnerable to brute force attack
2022-05-13 01:07:24
CVE-2016-3084
2017-05-25 17:29:00
nvd
nvd
CVE-2016-3084
2017-05-25 17:29:00
cve
cve
CVE-2016-3084
2017-05-25 17:29:00
prion
prion
Default credentials
2017-05-25 17:29:00
cvelist
cvelist
CVE-2016-3084
2017-05-25 17:00:00
cloudfoundry
cloudfoundry
CVE-2016-3084 UAA Password Reset Vulnerability | Cloud Foundry
2016-05-23 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON
Related for GHSA-FM5C-2RWC-887W
osv2nvd1cve1prion1cvelist1cloudfoundry1