cvedb.io
CVE-2018-15759
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2018-11-19T14:29:00.343 · Last modified 2026-06-17T01:43:04.177

Summary

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.

Affected products

pivotal_software — broker_api

Does this affect you?

Add your gear to cvedb and we'll alert you only when pivotal_software ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.