Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for UAA by Cloud Foundry

    CVE-2026-41005 (GCVE-0-2026-41005)

    Vulnerability from nvd – Published: 2026-06-11 20:03 – Updated: 2026-06-13 03:55
    VLAI
    Title
    UAA accepts SAML Encrypted Assertions authentication bypass
    Summary
    Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP's public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message. Affected versions: Cloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0. Cloud Foundry CF Deployment all versions through 56.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: 2.0.0 , < 78.14.0 (custom)
    Create a notification for this product.
    Cloud Foundry CF Deployment Affected: 0.0.0 , < 57.0.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:55:30.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "78.14.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CF Deployment",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "57.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP\u0027s public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message.\n\nAffected versions:\nCloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0.\nCloud Foundry CF Deployment all versions through 56.1.0."
                }
              ],
              "value": "Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP\u0027s public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message.\n\nAffected versions:\nCloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0.\nCloud Foundry CF Deployment all versions through 56.1.0."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Per CVSS v3.1: Confidentiality HIGH; Integrity HIGH; Availability HIGH."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T20:03:22.525Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://www.cloudfoundry.org/blog/cve-2026-41005-uaa-accepts-saml-encrypted-assertions-authentication-bypass/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAA accepts SAML Encrypted Assertions authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41005",
        "datePublished": "2026-06-11T20:03:22.525Z",
        "dateReserved": "2026-04-16T02:19:16.426Z",
        "dateUpdated": "2026-06-13T03:55:30.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-22246 (GCVE-0-2025-22246)

    Vulnerability from nvd – Published: 2025-05-13 05:14 – Updated: 2025-05-13 13:49
    VLAI
    Title
    CVE-2025-22246 – UAA Private Key Exposure
    Summary
    Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: v77.21.0 , < v77.32.0 (git)
    Create a notification for this product.
    Cloud Foundry CF deployment Affected: v45.1.0 , ≤ v48.11.0 (git)
    Create a notification for this product.
    Date Public
    2025-05-08 17:10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T13:47:41.978031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-532",
                    "description": "CWE-532 Insertion of Sensitive Information into Log File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T13:49:09.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Any"
              ],
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "v77.32.0",
                  "status": "affected",
                  "version": "v77.21.0",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "any",
                "v45.1.0"
              ],
              "product": "CF deployment",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "v49.0.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "v48.11.0",
                  "status": "affected",
                  "version": "v45.1.0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "datePublic": "2025-05-08T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. \u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T05:14:40.968Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://www.cloudfoundry.org/blog/cve-2025-22246-uaa-private-key-exposure/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2025-22246 \u2013 UAA Private Key Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2025-22246",
        "datePublished": "2025-05-13T05:14:40.968Z",
        "dateReserved": "2025-01-02T04:30:19.929Z",
        "dateUpdated": "2025-05-13T13:49:09.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5402 (GCVE-0-2020-5402)

    Vulnerability from nvd – Published: 2020-02-27 19:30 – Updated: 2024-09-16 17:03
    VLAI
    Title
    UAA fails to check the state parameter when authenticating with external IDPs
    Summary
    In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: unspecified , < v74.14.0 (custom)
    Create a notification for this product.
    Date Public
    2020-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "v74.14.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-27T19:30:24.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAA fails to check the state parameter when authenticating with external IDPs",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-02-24T18:03:36.000Z",
              "ID": "CVE-2020-5402",
              "STATE": "PUBLIC",
              "TITLE": "UAA fails to check the state parameter when authenticating with external IDPs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UAA",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "v74.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloud Foundry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cloudfoundry.org/blog/cve-2020-5402",
                  "refsource": "CONFIRM",
                  "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5402",
        "datePublished": "2020-02-27T19:30:24.167Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:33.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15761 (GCVE-0-2018-15761)

    Vulnerability from nvd – Published: 2018-11-19 14:00 – Updated: 2024-09-17 00:46
    VLAI
    Title
    UAA Privilege Escalation
    Summary
    Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: all versions , < 4.23.0 (custom)
    Create a notification for this product.
    Cloud Foundry UAA Release Affected: all versions , < 64.0 (custom)
    Create a notification for this product.
    Date Public
    2018-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cloudfoundry.org/blog/cve-2018-15761/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "4.23.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "UAA Release",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "64.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-19T13:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2018-15761/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAA Privilege Escalation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-01T00:00:00.000Z",
              "ID": "CVE-2018-15761",
              "STATE": "PUBLIC",
              "TITLE": "UAA Privilege Escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UAA",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "4.23.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "UAA Release",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "64.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloud Foundry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cloudfoundry.org/blog/cve-2018-15761/",
                  "refsource": "CONFIRM",
                  "url": "https://www.cloudfoundry.org/blog/cve-2018-15761/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15761",
        "datePublished": "2018-11-19T14:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:20.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11082 (GCVE-0-2018-11082)

    Vulnerability from nvd – Published: 2018-10-05 21:00 – Updated: 2024-09-17 02:00
    VLAI
    Title
    Cloud Foundry UAA MFA does not prevent brute force of MFA code
    Summary
    Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Release Affected: all versions , < 61.0 (custom)
    Create a notification for this product.
    Cloud Foundry UAA Affected: all versions , < 4.20.0 (custom)
    Create a notification for this product.
    Date Public
    2018-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cloudfoundry.org/blog/cve-2018-11082/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UAA Release",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "61.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "4.20.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T20:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2018-11082/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cloud Foundry UAA MFA does not prevent brute force of MFA code",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-01T07:00:00.000Z",
              "ID": "CVE-2018-11082",
              "STATE": "PUBLIC",
              "TITLE": "Cloud Foundry UAA MFA does not prevent brute force of MFA code"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UAA Release",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "61.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "UAA",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "4.20.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloud Foundry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cloudfoundry.org/blog/cve-2018-11082/",
                  "refsource": "CONFIRM",
                  "url": "https://www.cloudfoundry.org/blog/cve-2018-11082/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11082",
        "datePublished": "2018-10-05T21:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:00:59.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-41005 (GCVE-0-2026-41005)

    Vulnerability from cvelistv5 – Published: 2026-06-11 20:03 – Updated: 2026-06-13 03:55
    VLAI
    Title
    UAA accepts SAML Encrypted Assertions authentication bypass
    Summary
    Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP's public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message. Affected versions: Cloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0. Cloud Foundry CF Deployment all versions through 56.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: 2.0.0 , < 78.14.0 (custom)
    Create a notification for this product.
    Cloud Foundry CF Deployment Affected: 0.0.0 , < 57.0.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:55:30.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "78.14.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CF Deployment",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "57.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP\u0027s public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message.\n\nAffected versions:\nCloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0.\nCloud Foundry CF Deployment all versions through 56.1.0."
                }
              ],
              "value": "Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP\u0027s public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message.\n\nAffected versions:\nCloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0.\nCloud Foundry CF Deployment all versions through 56.1.0."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Per CVSS v3.1: Confidentiality HIGH; Integrity HIGH; Availability HIGH."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T20:03:22.525Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://www.cloudfoundry.org/blog/cve-2026-41005-uaa-accepts-saml-encrypted-assertions-authentication-bypass/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAA accepts SAML Encrypted Assertions authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2026-41005",
        "datePublished": "2026-06-11T20:03:22.525Z",
        "dateReserved": "2026-04-16T02:19:16.426Z",
        "dateUpdated": "2026-06-13T03:55:30.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-22246 (GCVE-0-2025-22246)

    Vulnerability from cvelistv5 – Published: 2025-05-13 05:14 – Updated: 2025-05-13 13:49
    VLAI
    Title
    CVE-2025-22246 – UAA Private Key Exposure
    Summary
    Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: v77.21.0 , < v77.32.0 (git)
    Create a notification for this product.
    Cloud Foundry CF deployment Affected: v45.1.0 , ≤ v48.11.0 (git)
    Create a notification for this product.
    Date Public
    2025-05-08 17:10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T13:47:41.978031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-532",
                    "description": "CWE-532 Insertion of Sensitive Information into Log File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T13:49:09.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Any"
              ],
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "v77.32.0",
                  "status": "affected",
                  "version": "v77.21.0",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "any",
                "v45.1.0"
              ],
              "product": "CF deployment",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "v49.0.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "v48.11.0",
                  "status": "affected",
                  "version": "v45.1.0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "datePublic": "2025-05-08T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. \u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T05:14:40.968Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://www.cloudfoundry.org/blog/cve-2025-22246-uaa-private-key-exposure/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2025-22246 \u2013 UAA Private Key Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2025-22246",
        "datePublished": "2025-05-13T05:14:40.968Z",
        "dateReserved": "2025-01-02T04:30:19.929Z",
        "dateUpdated": "2025-05-13T13:49:09.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5402 (GCVE-0-2020-5402)

    Vulnerability from cvelistv5 – Published: 2020-02-27 19:30 – Updated: 2024-09-16 17:03
    VLAI
    Title
    UAA fails to check the state parameter when authenticating with external IDPs
    Summary
    In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: unspecified , < v74.14.0 (custom)
    Create a notification for this product.
    Date Public
    2020-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "v74.14.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-27T19:30:24.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAA fails to check the state parameter when authenticating with external IDPs",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-02-24T18:03:36.000Z",
              "ID": "CVE-2020-5402",
              "STATE": "PUBLIC",
              "TITLE": "UAA fails to check the state parameter when authenticating with external IDPs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UAA",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "v74.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloud Foundry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cloudfoundry.org/blog/cve-2020-5402",
                  "refsource": "CONFIRM",
                  "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5402",
        "datePublished": "2020-02-27T19:30:24.167Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:33.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15761 (GCVE-0-2018-15761)

    Vulnerability from cvelistv5 – Published: 2018-11-19 14:00 – Updated: 2024-09-17 00:46
    VLAI
    Title
    UAA Privilege Escalation
    Summary
    Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Affected: all versions , < 4.23.0 (custom)
    Create a notification for this product.
    Cloud Foundry UAA Release Affected: all versions , < 64.0 (custom)
    Create a notification for this product.
    Date Public
    2018-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cloudfoundry.org/blog/cve-2018-15761/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "4.23.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "UAA Release",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "64.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-19T13:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2018-15761/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAA Privilege Escalation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-01T00:00:00.000Z",
              "ID": "CVE-2018-15761",
              "STATE": "PUBLIC",
              "TITLE": "UAA Privilege Escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UAA",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "4.23.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "UAA Release",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "64.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloud Foundry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cloudfoundry.org/blog/cve-2018-15761/",
                  "refsource": "CONFIRM",
                  "url": "https://www.cloudfoundry.org/blog/cve-2018-15761/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15761",
        "datePublished": "2018-11-19T14:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:20.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11082 (GCVE-0-2018-11082)

    Vulnerability from cvelistv5 – Published: 2018-10-05 21:00 – Updated: 2024-09-17 02:00
    VLAI
    Title
    Cloud Foundry UAA MFA does not prevent brute force of MFA code
    Summary
    Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloud Foundry UAA Release Affected: all versions , < 61.0 (custom)
    Create a notification for this product.
    Cloud Foundry UAA Affected: all versions , < 4.20.0 (custom)
    Create a notification for this product.
    Date Public
    2018-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cloudfoundry.org/blog/cve-2018-11082/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UAA Release",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "61.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "UAA",
              "vendor": "Cloud Foundry",
              "versions": [
                {
                  "lessThan": "4.20.0",
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T20:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2018-11082/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cloud Foundry UAA MFA does not prevent brute force of MFA code",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-01T07:00:00.000Z",
              "ID": "CVE-2018-11082",
              "STATE": "PUBLIC",
              "TITLE": "Cloud Foundry UAA MFA does not prevent brute force of MFA code"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UAA Release",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "61.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "UAA",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "all versions",
                                "version_value": "4.20.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloud Foundry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cloudfoundry.org/blog/cve-2018-11082/",
                  "refsource": "CONFIRM",
                  "url": "https://www.cloudfoundry.org/blog/cve-2018-11082/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11082",
        "datePublished": "2018-10-05T21:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:00:59.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }