cvedb.io
CVE-2018-15754
MEDIUM · CVSS 4.2
EPSS exploitation probability: 0%
Published 2018-12-13T22:29:00.280 · Last modified 2026-06-17T01:43:03.483

Summary

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

Affected products

pivotal_software — cloud_foundry_uaa-release

Does this affect you?

Add your gear to cvedb and we'll alert you only when pivotal_software ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.