CVE-2018-1195 in Pivotal Software and Cloudfoundry Products
Published on March 19, 2018

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.

NVD

Products Associated with CVE-2018-1195

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1195 are published in these products:

Pivotal Software Cf Deployment

Pivotal Software Cf Release

Pivotal Software Cloud Controller

Cloudfoundry Cf Release

Cloudfoundry Cf Deployment

Cloudfoundry Capi Release

Affected Versions

Dell EMC Cloud Controller:

Version You are using Cloud Controller version prior to 1.46.0 is affected.
Version You are using cf-deployment version prior to 1.3.0 is affected.
Version You are using cf-release version prior to 283 is affected.

Exploit Probability

EPSS

0.27%

Percentile

50.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1195 in Pivotal Software and Cloudfoundry ProductsPublished on March 19, 2018

Products Associated with CVE-2018-1195

Affected Versions

Exploit Probability

CVE-2018-1195 in Pivotal Software and Cloudfoundry Products
Published on March 19, 2018