CVE-2018-15795
8.1
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Summary
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal Cloud Foundry | CredHub Service Broker | all versions < 1.1.0 | affected |
Weaknesses
- Predictability problems
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.