cvedb.io
CVE-2018-11044
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-07-24T19:29:00.240 · Last modified 2026-06-17T01:35:09.040

Summary

Pivotal Apps Manager, included in Pivotal Application Service versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.8, 2.0.x prior to 2.0.17, and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite sent to another user, exploiting the trust implied by the source of the email.

Affected products

pivotal_software — pivotal_application_service

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.