ID CVE-2018-15759
Summary Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24, contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
References
Vulnerable Configurations
  • cpe:2.3:a:pivotal_software:broker_api:*:*:*:*:*:*:*:*
  • cpe:2.3:a:pivotal_software:on_demand_services_sdk:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2019 - 23:35)
Impact:
Exploitability:
CWE CWE-307
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 106019
confirm https://pivotal.io/security/cve-2018-15759
Last major update 09-10-2019 - 23:35
Published 19-11-2018 - 14:29
Last modified 09-10-2019 - 23:35