
5 matches found

Snyk
added 2025/02/27 6:30 a.m., 1 view

Incorrect Authorization

Overview: org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...

CVSS 6.3 | AI score 7 | EPSS 0.0023
Exploits: 0 | References: 2

Snyk
added 2025/02/27 6:30 a.m., 1 view

Incorrect Authorization

Overview: org.wso2.am:am-parent is a WSO2 API Manager - Aggregator Module. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in possession of a valid admin refresh token to gain unauthorized access to API resources by using a refresh token instead o...

CVSS 6.3 | AI score 7 | EPSS 0.0023
Exploits: 0 | References: 2

OSV
added 2018/10/05 9:29 p.m., 13 views

CVE-2018-11083

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access...

CVSS 8.1 | AI score 6.9 | EPSS 0.00614
Exploits: 0 | References: 1

Cvelist
added 2018/10/05 9:0 p.m., 10 views

CVE-2018-11083 Bosh accepts refresh tokens in place of an access token

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access...

CVSS 8.4 | AI score 8.1 | EPSS 0.00614
Exploits: 0 | References: 1

Cloud Foundry
added 2018/10/03 12:0 a.m., 507 views

CVE-2018-11083: BOSH accepts refresh token as access token | Cloud Foundry

Severity: High
Vendor: Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions: You are using bosh-release versions prior to: v264 prior to v264.14.0, v265 prior to v265.7.0, v266 prior to v266.8.0, v267 prior to v267.2.0
Description: BOSH allows refresh tokens to be used as access tokens...

CVSS 8.4 | AI score 8.1 | EPSS 0.00614
Exploits: 0