IBM Cloud Private Cloud Foundry is vulnerable to a security vulnerability
CVEID: CVE-2018-11047 DESCRIPTION: Cloud Foundry uaa and uaa-release could allow a remote attacker to bypass security restrictions, caused by an issue with accepting refresh token as access token. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147859> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM Cloud Private Cloud Foundry 2.1.0
For the 2.1.0.x releases, upgrade to version 3.1.0
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud private | eq | 2.1.0 |