CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-11086
https://notcve.org/view.php?id=CVE-2018-11086
17 Sep 2018 — Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. Pivotal Usage Service en Pivotal Application Service, en versiones 2.0 anteriores a la 2.0.21 y versiones 2.1 anteriores a la 2.1.13 y versiones 2.2 anteriore... • https://pivotal.io/security/cve-2018-11086 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-11088
https://notcve.org/view.php?id=CVE-2018-11088
17 Sep 2018 — Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. Pivotal Applications Manager en Pivotal Application Service, en versiones 2.0 anteriores a la 2.0.21 y versiones 2.1 anteriores a la 2.1.13 y versiones... • https://pivotal.io/security/cve-2018-11088 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11044
https://notcve.org/view.php?id=CVE-2018-11044
24 Jul 2018 — Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email. Pivotal Apps Manager, incluido en Pivotal Application Service, en versiones 2.2.x anteriores a la 2.2.1, versiones 2.1.x anteri... • https://pivotal.io/security/cve-2018-11044 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1278
https://notcve.org/view.php?id=CVE-2018-1278
11 May 2018 — Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org. Apps Manager en Pivotal Application Service, en versiones 1.12.x anteriores a la 1.12.22, ... • http://www.securityfocus.com/bid/104227 • CWE-863: Incorrect Authorization •