cvedb.io
CVE-2018-1256
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2018-05-07T16:22:00.217 · Last modified 2026-06-17T01:50:49.833

Summary

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.
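
An added example, not code from this advisory or from the Spring Cloud SSO Connector: a minimal resource-server token check showing what the issuer comparison contributes when tokens from two service plans both pass signature verification. The shared key, the issuer URLs and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from typing import Optional

# Constructed values. Assumption: both plans' tokens verify under one key,
# so the "iss" claim is the only thing that tells the plans apart.
SHARED_KEY = b"constructed-demo-key"
PLAN_A_ISSUER = "https://plan-a.login.example.test/oauth/token"
PLAN_B_ISSUER = "https://plan-b.login.example.test/oauth/token"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(issuer: str, subject: str, key: bytes = SHARED_KEY) -> str:
    """Build a constructed HS256 JWT, standing in for a plan's token endpoint."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"iss": issuer, "sub": subject}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token: str, key: bytes, expected_issuer: Optional[str]) -> dict:
    """Check signature, then issuer. expected_issuer=None models the regression."""
    try:
        header, payload, sig = token.split(".")
        claims = json.loads(_unb64(payload))
        alg = json.loads(_unb64(header)).get("alg")
        given = _unb64(sig)
    except (ValueError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    if alg != "HS256":
        raise PermissionError("unexpected algorithm")
    want = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise PermissionError("bad signature")
    if expected_issuer is not None and claims.get("iss") != expected_issuer:
        raise PermissionError("issuer mismatch")
    return claims

def accepts(token: str, expected_issuer: Optional[str]) -> bool:
    """True if a resource server configured with expected_issuer admits the token."""
    try:
        verify_token(token, SHARED_KEY, expected_issuer)
        return True
    except PermissionError:
        return False
```

A regression test for a resource server can follow the same shape: present a correctly signed token whose issuer belongs to a different plan and assert that it is rejected.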

Affected products

vmware — spring_cloud_sso_connector

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.