CVE-2018-11086

Published: Sep 17, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.

Affected (3)

Products: Pivotal Software: Pivotal Application Service

Pivotal Software

1 product

Pivotal Application Service

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Pivotal Application Service	From 2.0.0 to 2.0.21
Pivotal Software Pivotal Application Service	From 2.1.0 to 2.1.13
Pivotal Software Pivotal Application Service	From 2.2.0 to 2.2.5

References (2)

https://pivotal.io/security/cve-2018-11086

Source: security_alert@emc.com

MitigationVendor Advisory

https://pivotal.io/security/cve-2018-11086

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.