CVE-2018-1279

EPSS 0.32%
Published 10.12.2018 19:29:25
Last modified 21.11.2024 03:59:31
Source security_alert@emc.com
Teams watchlist Login
Open Login

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Pivotal Software ≫ Rabbitmq SwPlatformpivotal_cloud_foundry

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.546

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
security_alert@emc.com	8.5	1.8	6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://pivotal.io/security/cve-2018-1279

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-1279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1279

EUVD