IBM914CBE045C39DA936AFD46C4CDEE791CA5DF43E5CEA7A7436170D90868D68F87Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-11047)
0.001 Low
EPSS
Percentile
36.5%
Summary
IBM Cloud Private Cloud Foundry is vulnerable to a security vulnerability
Vulnerability Details
CVEID: CVE-2018-11047 DESCRIPTION: Cloud Foundry uaa and uaa-release could allow a remote attacker to bypass security restrictions, caused by an issue with accepting refresh token as access token. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147859> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM Cloud Private Cloud Foundry 2.1.0
Remediation/Fixes
For the 2.1.0.x releases, upgrade to version 3.1.0
- You can obtain IBM Cloud Private Cloud Foundry 3.1.0 from IBM Passport Advantage
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud private | eq | 2.1.0 |
Related
0.001 Low
EPSS
Percentile
36.5%