CVE-2018-11082
6.6
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | UAA Release | all versions < 61.0 | affected |
| Cloud Foundry | UAA | all versions < 4.20.0 | affected |
Weaknesses
- Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.