Cloudfoundry Uaa Release
Approved changes feed: RSS · Atom
cpe:2.3:a:pivotal_software:cloudfoundry_uaa_release:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pivotal Software (a7eef617-cad9-5400-bbf0-2e56b16d90a7) |
|---|---|
| Product | Cloudfoundry Uaa Release (05dcefd5-f0ae-5e18-99d8-cc7ccd2cc657) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/cloudfoundry/uaa |
purl2cpe | 2026-06-01 10:11:01.242672 |
pkg:rpm/opensuse/uaa |
purl2cpe | 2026-06-01 10:11:01.242676 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-15761 |
vulnerable | 2026-06-03 14:38:19.389845 |
UAA Privilege Escalation
CRITICAL (9.9)
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
Published: 2018-11-19T14:00:00.000Z
Updated: 2024-09-17T00:46:20.654Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11082 |
vulnerable | 2026-06-03 14:38:00.880939 |
Cloud Foundry UAA MFA does not prevent brute force of MFA code
MEDIUM (6.6)
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Published: 2018-10-05T21:00:00.000Z
Updated: 2024-09-17T02:00:59.932Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.