
    14 vulnerabilities found for pivotal_application_service by pivotal_software

    CVE-2019-11275 (GCVE-0-2019-11275)

    Vulnerability from nvd – Published: 2019-10-01 14:17 – Updated: 2024-09-17 02:57
    Title
    CSV Injection in usage report downloaded from Pivotal Application Manager
    Summary
    Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name that a CSV program interprets as a formula and executes. The malicious user can possibly gain access to a usage report that requires a higher privilege.
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2019-11275 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Apps Manager Affected: 670 , < 670.0.7 (custom)
    Affected: 669 , < 669.0.13 (custom)
    Affected: 668 , < 668.0.21 (custom)
    Affected: 667 , < 667.0.22 (custom)
    Affected: 666 , < 666.0.36 (custom)
    Date Public
    2019-09-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.149Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2019-11275"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apps Manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "670.0.7",
                  "status": "affected",
                  "version": "670",
                  "versionType": "custom"
                },
                {
                  "lessThan": "669.0.13",
                  "status": "affected",
                  "version": "669",
                  "versionType": "custom"
                },
                {
                  "lessThan": "668.0.21",
                  "status": "affected",
                  "version": "668",
                  "versionType": "custom"
                },
                {
                  "lessThan": "667.0.22",
                  "status": "affected",
                  "version": "667",
                  "versionType": "custom"
                },
                {
                  "lessThan": "666.0.36",
                  "status": "affected",
                  "version": "666",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-01T14:17:40.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2019-11275"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CSV Injection in usage report downloaded from Pivotal Application Manager",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2019-09-30T18:27:17.000Z",
              "ID": "CVE-2019-11275",
              "STATE": "PUBLIC",
              "TITLE": "CSV Injection in usage report downloaded from Pivotal Application Manager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apps Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "670",
                                "version_value": "670.0.7"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "669",
                                "version_value": "669.0.13"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "668",
                                "version_value": "668.0.21"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "667",
                                "version_value": "667.0.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "666",
                                "version_value": "666.0.36"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2019-11275",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2019-11275"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2019-11275",
        "datePublished": "2019-10-01T14:17:40.183Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:57:24.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11280 (GCVE-0-2019-11280)

    Vulnerability from nvd – Published: 2019-09-20 18:35 – Updated: 2024-09-16 19:20
    Title
    Privilege escalation through the invitations service
    Summary
    Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2019-11280 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Application Service (PAS) Affected: 2.3.x prior to 2.3.18
    Affected: 2.4.x prior to 2.4.14
    Affected: 2.5.x prior to 2.5.10
    Affected: 2.6.x prior to 2.6.5
    Date Public
    2019-09-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2019-11280"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Application Service (PAS)",
              "vendor": "Pivotal",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.x prior to 2.3.18"
                },
                {
                  "status": "affected",
                  "version": "2.4.x prior to 2.4.14"
                },
                {
                  "status": "affected",
                  "version": "2.5.x prior to 2.5.10"
                },
                {
                  "status": "affected",
                  "version": "2.6.x prior to 2.6.5"
                }
              ]
            }
          ],
          "datePublic": "2019-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T18:35:17.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2019-11280"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege escalation through the invitations service",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2019-09-20T01:05:51.000Z",
              "ID": "CVE-2019-11280",
              "STATE": "PUBLIC",
              "TITLE": "Privilege escalation through the invitations service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Application Service (PAS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.3.x prior to 2.3.18"
                              },
                              {
                                "version_value": "2.4.x prior to 2.4.14"
                              },
                              {
                                "version_value": "2.5.x prior to 2.5.10"
                              },
                              {
                                "version_value": "2.6.x prior to 2.6.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269: Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2019-11280",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2019-11280"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2019-11280",
        "datePublished": "2019-09-20T18:35:17.756Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:44.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11088 (GCVE-0-2018-11088)

    Vulnerability from nvd – Published: 2018-09-17 16:00 – Updated: 2024-09-17 03:14
    Summary
    Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
    Severity
    No CVSS data available.
    CWE
    • Credential leak
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11088 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Application Service Affected: 2.0 , < 2.0.21 (custom)
    Affected: 2.1 , < 2.1.13 (custom)
    Affected: 2.2 , < 2.2.5 (custom)
    Date Public
    2018-09-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11088"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.0.21",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.13",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.5",
                  "status": "affected",
                  "version": "2.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Credential leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-17T15:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11088"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-09-13T04:00:00.000Z",
              "ID": "CVE-2018-11088",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Application Service",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0",
                                "version_value": "2.0.21"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1",
                                "version_value": "2.1.13"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2",
                                "version_value": "2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Credential leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11088",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11088"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11088",
        "datePublished": "2018-09-17T16:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:14:36.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11086 (GCVE-0-2018-11086)

    Vulnerability from nvd – Published: 2018-09-17 16:00 – Updated: 2024-09-16 20:58
    Summary
    Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
    Severity
    No CVSS data available.
    CWE
    • Credential leak
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11086 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Application Service Affected: 2.0 , < 2.0.21 (custom)
    Affected: 2.1 , < 2.1.13 (custom)
    Affected: 2.2 , < 2.2.5 (custom)
    Date Public
    2018-09-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11086"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.0.21",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.13",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.5",
                  "status": "affected",
                  "version": "2.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Credential leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-17T15:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11086"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-09-13T04:00:00.000Z",
              "ID": "CVE-2018-11086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Application Service",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0",
                                "version_value": "2.0.21"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1",
                                "version_value": "2.1.13"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2",
                                "version_value": "2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Credential leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11086",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11086"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11086",
        "datePublished": "2018-09-17T16:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:01.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11044 (GCVE-0-2018-11044)

    Vulnerability from nvd – Published: 2018-07-24 19:00 – Updated: 2024-09-16 21:02
    VLAI
    Summary
    Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.
    Severity
    No CVSS data available.
    CWE
    • Information exposure
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11044 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Application Service Affected: 2.2.x , < 2.2.1 (custom)
    Affected: 2.1.x , < 2.1.8 (custom)
    Affected: 2.0.x , < 2.0.17 (custom)
    Affected: 1.12.x , < 1.12.26 (custom)
    Date Public
    2018-07-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.2.1",
                  "status": "affected",
                  "version": "2.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.8",
                  "status": "affected",
                  "version": "2.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.17",
                  "status": "affected",
                  "version": "2.0.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.12.26",
                  "status": "affected",
                  "version": "1.12.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information exposure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-24T18:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11044"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-07-23T04:00:00.000Z",
              "ID": "CVE-2018-11044",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Application Service",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2.x",
                                "version_value": "2.2.1"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1.x",
                                "version_value": "2.1.8"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0.x",
                                "version_value": "2.0.17"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "1.12.x",
                                "version_value": "1.12.26"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11044",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11044"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11044",
        "datePublished": "2018-07-24T19:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:02:31.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1278 (GCVE-0-2018-1278)

    Vulnerability from nvd – Published: 2018-05-11 20:00 – Updated: 2024-09-16 23:42
    VLAI
    Summary
    Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.
    Severity
    No CVSS data available.
    CWE
    • Authorization Error
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-1278 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104227 vdb-entry x_refsource_BID
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Application Service Affected: 1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4
    Date Public
    2018-05-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:59:37.602Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-1278"
              },
              {
                "name": "104227",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104227"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-22T13:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-1278"
            },
            {
              "name": "104227",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104227"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-05-10T00:00:00",
              "ID": "CVE-2018-1278",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Application Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-1278",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-1278"
                },
                {
                  "name": "104227",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104227"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1278",
        "datePublished": "2018-05-11T20:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:42:24.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1200 (GCVE-0-2018-1200)

    Vulnerability from nvd – Published: 2018-03-16 20:00 – Updated: 2024-09-16 16:17
    VLAI
    Summary
    Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.
    Severity
    No CVSS data available.
    CWE
    • File Access Vulnerability
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-1200 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103042 vdb-entry x_refsource_BID
    Impacted products
    Vendor Product Version
    Dell EMC Apps Manager for PCF Affected: Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected.
    Date Public
    2018-02-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:49.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-1200"
              },
              {
                "name": "103042",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103042"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apps Manager for PCF",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "File Access Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-17T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-1200"
            },
            {
              "name": "103042",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103042"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-02-13T00:00:00",
              "ID": "CVE-2018-1200",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apps Manager for PCF",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "File Access Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-1200",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-1200"
                },
                {
                  "name": "103042",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103042"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1200",
        "datePublished": "2018-03-16T20:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:17:36.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11275 (GCVE-0-2019-11275)

    Vulnerability from cvelistv5 – Published: 2019-10-01 14:17 – Updated: 2024-09-17 02:57
    VLAI
    Title
    CSV Injection in usage report downloaded from Pivotal Application Manager
    Summary
    Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contains a vulnerability where a remote authenticated user can create an app with a name that a CSV program interprets as a formula and executes. The malicious user can possibly gain access to a usage report that requires a higher privilege.
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2019-11275 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Apps Manager Affected: 670 , < 670.0.7 (custom)
    Affected: 669 , < 669.0.13 (custom)
    Affected: 668 , < 668.0.21 (custom)
    Affected: 667 , < 667.0.22 (custom)
    Affected: 666 , < 666.0.36 (custom)
    Date Public
    2019-09-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.149Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2019-11275"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apps Manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "670.0.7",
                  "status": "affected",
                  "version": "670",
                  "versionType": "custom"
                },
                {
                  "lessThan": "669.0.13",
                  "status": "affected",
                  "version": "669",
                  "versionType": "custom"
                },
                {
                  "lessThan": "668.0.21",
                  "status": "affected",
                  "version": "668",
                  "versionType": "custom"
                },
                {
                  "lessThan": "667.0.22",
                  "status": "affected",
                  "version": "667",
                  "versionType": "custom"
                },
                {
                  "lessThan": "666.0.36",
                  "status": "affected",
                  "version": "666",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-01T14:17:40.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2019-11275"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CSV Injection in usage report downloaded from Pivotal Application Manager",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2019-09-30T18:27:17.000Z",
              "ID": "CVE-2019-11275",
              "STATE": "PUBLIC",
              "TITLE": "CSV Injection in usage report downloaded from Pivotal Application Manager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apps Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "670",
                                "version_value": "670.0.7"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "669",
                                "version_value": "669.0.13"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "668",
                                "version_value": "668.0.21"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "667",
                                "version_value": "667.0.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "666",
                                "version_value": "666.0.36"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2019-11275",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2019-11275"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2019-11275",
        "datePublished": "2019-10-01T14:17:40.183Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:57:24.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11280 (GCVE-0-2019-11280)

    Vulnerability from cvelistv5 – Published: 2019-09-20 18:35 – Updated: 2024-09-16 19:20
    VLAI
    Title
    Privilege escalation through the invitations service
    Summary
    Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2019-11280 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Application Service (PAS) Affected: 2.3.x prior to 2.3.18
    Affected: 2.4.x prior to 2.4.14
    Affected: 2.5.x prior to 2.5.10
    Affected: 2.6.x prior to 2.6.5
    Date Public
    2019-09-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2019-11280"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Application Service (PAS)",
              "vendor": "Pivotal",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.x prior to 2.3.18"
                },
                {
                  "status": "affected",
                  "version": "2.4.x prior to 2.4.14"
                },
                {
                  "status": "affected",
                  "version": "2.5.x prior to 2.5.10"
                },
                {
                  "status": "affected",
                  "version": "2.6.x prior to 2.6.5"
                }
              ]
            }
          ],
          "datePublic": "2019-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T18:35:17.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2019-11280"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege escalation through the invitations service",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2019-09-20T01:05:51.000Z",
              "ID": "CVE-2019-11280",
              "STATE": "PUBLIC",
              "TITLE": "Privilege escalation through the invitations service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Application Service (PAS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.3.x prior to 2.3.18"
                              },
                              {
                                "version_value": "2.4.x prior to 2.4.14"
                              },
                              {
                                "version_value": "2.5.x prior to 2.5.10"
                              },
                              {
                                "version_value": "2.6.x prior to 2.6.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269: Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2019-11280",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2019-11280"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2019-11280",
        "datePublished": "2019-09-20T18:35:17.756Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:44.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11086 (GCVE-0-2018-11086)

    Vulnerability from cvelistv5 – Published: 2018-09-17 16:00 – Updated: 2024-09-16 20:58
    VLAI
    Summary
    Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
    Severity
    No CVSS data available.
    CWE
    • Credential leak
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11086 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Application Service Affected: 2.0 , < 2.0.21 (custom)
    Affected: 2.1 , < 2.1.13 (custom)
    Affected: 2.2 , < 2.2.5 (custom)
    Date Public
    2018-09-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11086"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.0.21",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.13",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.5",
                  "status": "affected",
                  "version": "2.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Credential leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-17T15:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11086"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-09-13T04:00:00.000Z",
              "ID": "CVE-2018-11086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Application Service",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0",
                                "version_value": "2.0.21"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1",
                                "version_value": "2.1.13"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2",
                                "version_value": "2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Credential leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11086",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11086"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11086",
        "datePublished": "2018-09-17T16:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:01.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11088 (GCVE-0-2018-11088)

    Vulnerability from cvelistv5 – Published: 2018-09-17 16:00 – Updated: 2024-09-17 03:14
    VLAI
    Summary
    Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
    Severity
    No CVSS data available.
    CWE
    • Credential leak
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11088 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Application Service Affected: 2.0 , < 2.0.21 (custom)
    Affected: 2.1 , < 2.1.13 (custom)
    Affected: 2.2 , < 2.2.5 (custom)
    Date Public
    2018-09-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11088"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.0.21",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.13",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.5",
                  "status": "affected",
                  "version": "2.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Credential leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-17T15:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11088"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-09-13T04:00:00.000Z",
              "ID": "CVE-2018-11088",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Application Service",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0",
                                "version_value": "2.0.21"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1",
                                "version_value": "2.1.13"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2",
                                "version_value": "2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Credential leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11088",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11088"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11088",
        "datePublished": "2018-09-17T16:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:14:36.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11044 (GCVE-0-2018-11044)

    Vulnerability from cvelistv5 – Published: 2018-07-24 19:00 – Updated: 2024-09-16 21:02
    VLAI
    Summary
    Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.
    Severity
    No CVSS data available.
    CWE
    • Information exposure
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11044 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Application Service Affected: 2.2.x , < 2.2.1 (custom)
    Affected: 2.1.x , < 2.1.8 (custom)
    Affected: 2.0.x , < 2.0.17 (custom)
    Affected: 1.12.x , < 1.12.26 (custom)
    Date Public
    2018-07-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.2.1",
                  "status": "affected",
                  "version": "2.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.8",
                  "status": "affected",
                  "version": "2.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.17",
                  "status": "affected",
                  "version": "2.0.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.12.26",
                  "status": "affected",
                  "version": "1.12.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information exposure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-24T18:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11044"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-07-23T04:00:00.000Z",
              "ID": "CVE-2018-11044",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Application Service",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2.x",
                                "version_value": "2.2.1"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1.x",
                                "version_value": "2.1.8"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0.x",
                                "version_value": "2.0.17"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "1.12.x",
                                "version_value": "1.12.26"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11044",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11044"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11044",
        "datePublished": "2018-07-24T19:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:02:31.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1278 (GCVE-0-2018-1278)

    Vulnerability from cvelistv5 – Published: 2018-05-11 20:00 – Updated: 2024-09-16 23:42
    VLAI
    Summary
    Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.
    Severity
    No CVSS data available.
    CWE
    • Authorization Error
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-1278 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104227 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Application Service Affected: 1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4
    Date Public
    2018-05-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:59:37.602Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-1278"
              },
              {
                "name": "104227",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104227"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Application Service",
              "vendor": "Pivotal",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-22T13:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-1278"
            },
            {
              "name": "104227",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104227"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-05-10T00:00:00",
              "ID": "CVE-2018-1278",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Application Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-1278",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-1278"
                },
                {
                  "name": "104227",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104227"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1278",
        "datePublished": "2018-05-11T20:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:42:24.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1200 (GCVE-0-2018-1200)

    Vulnerability from cvelistv5 – Published: 2018-03-16 20:00 – Updated: 2024-09-16 16:17
    VLAI
    Summary
    Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.
    Severity
    No CVSS data available.
    CWE
    • File Access Vulnerability
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-1200 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103042 vdb-entry, x_refsource_BID
    Impacted products
    Vendor Product Version
    Dell EMC Apps Manager for PCF Affected: Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected.
    Date Public
    2018-02-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:49.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-1200"
              },
              {
                "name": "103042",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103042"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apps Manager for PCF",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "File Access Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-17T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-1200"
            },
            {
              "name": "103042",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103042"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-02-13T00:00:00",
              "ID": "CVE-2018-1200",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apps Manager for PCF",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "File Access Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-1200",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-1200"
                },
                {
                  "name": "103042",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103042"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1200",
        "datePublished": "2018-03-16T20:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:17:36.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }