CVE-2018-11082

EPSS 0.28%
Veröffentlicht 05.10.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:42:38
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Cloud Foundry UAA MFA does not prevent brute force of MFA code

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pivotal Software ≫ Cloudfoundry Uaa Version < 4.20.0

Pivotal Software ≫ Cloudfoundry Uaa Release Version < 61.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.512

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security_alert@emc.com	6.6	0.7	5.9	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.cloudfoundry.org/blog/cve-2018-11082/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11082

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-11082