CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15761 – UAA Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-15761
19 Nov 2018 — Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. Cloud Foundry UAA release, en versiones anteriores a la v64.0, y UAA, en versiones anteriores a la 4.23.0, contiene un error de validación que permite el escalado de privilegios. Un usuario autenticado remoto p... • https://www.cloudfoundry.org/blog/cve-2018-15761 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11082 – Cloud Foundry UAA MFA does not prevent brute force of MFA code
https://notcve.org/view.php?id=CVE-2018-11082
05 Oct 2018 — Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. Cloud Foundry UAA, en todas las versiones anteriores a la 4.20.0 y Cloud Foundry UAA Release, en todas las versiones anteriores a la 61.0, permite la adivinación por fuerza bruta de códigos MFA. Un usuario remoto no autenticado mali... • https://www.cloudfoundry.org/blog/cve-2018-11082 • CWE-307: Improper Restriction of Excessive Authentication Attempts •