CVE-2018-11082 vulnerability in Pivotal Software Products
Published on October 5, 2018
Cloud Foundry UAA MFA does not prevent brute force of MFA code
Cloud Foundry UAA, all versions prior to 4.20.0, and Cloud Foundry UAA Release, all versions prior to 61.0, allow brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force the MFA code to log in as the targeted user.
Products Associated with CVE-2018-11082
- Pivotal Software Cloudfoundry Uaa
- Pivotal Software Cloudfoundry Uaa Release
Affected Versions
- Cloud Foundry UAA Release: all versions below 61.0 are affected.
- Cloud Foundry UAA: all versions below 4.20.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.