3 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=4.11.0) +1 more potentially affected by CVE-2018-15761 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=4.1.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.11.0 Source cves: CVE-2018-15761 Source advisory: OSV:GHSA-292X-HJR8-226F...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-15761)
Summary A security vulnerability affects IBM Cloud Private Cloud Foundry Vulnerability Details CVEID: CVE-2018-15761 DESCRIPTION: Cloud Foundry UAA release could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By modifying the...
CVE-2018-15761
Cloud Foundry UAA includes a privilege-escalation vulnerability in releases prior to v64.0 and in UAA prior to 4.23.0. A validated error lets a remote authenticated attacker modify the URL and content of the consent page to obtain a token with arbitrary scopes, escalating privileges. Exploitation...