7.5
CVE-2019-11270
- EPSS 0.23%
- Veröffentlicht 05.08.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:20:49
- Quelle security@pivotal.io
- CVE-Watchlists
- Unerledigt
LoginCloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pivotal Software ≫ Application Service Version >= 2.3.0 < 2.3.15
Pivotal Software ≫ Application Service Version >= 2.4.0 < 2.4.11
Pivotal Software ≫ Application Service Version >= 2.5.0 < 2.5.7
Pivotal Software ≫ Application Service Version >= 2.6.0 < 2.6.2
Pivotal Software ≫ Cloud Foundry Uaa Version < 73.4.0
Pivotal Software ≫ Operations Manager Version >= 2.3.0 < 2.3.22
Pivotal Software ≫ Operations Manager Version >= 2.4.0 < 2.4.16
Pivotal Software ≫ Operations Manager Version >= 2.5.0 < 2.5.10
Pivotal Software ≫ Operations Manager Version >= 2.6.0 < 2.6.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.427 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| security@pivotal.io | 7.3 | 1 | 5.8 |
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.