CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-11086
https://notcve.org/view.php?id=CVE-2018-11086
17 Sep 2018 — Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. Pivotal Usage Service en Pivotal Application Service, en versiones 2.0 anteriores a la 2.0.21 y versiones 2.1 anteriores a la 2.1.13 y versiones 2.2 anteriore... • https://pivotal.io/security/cve-2018-11086 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-11088
https://notcve.org/view.php?id=CVE-2018-11088
17 Sep 2018 — Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. Pivotal Applications Manager en Pivotal Application Service, en versiones 2.0 anteriores a la 2.0.21 y versiones 2.1 anteriores a la 2.1.13 y versiones... • https://pivotal.io/security/cve-2018-11088 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11044
https://notcve.org/view.php?id=CVE-2018-11044
24 Jul 2018 — Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email. Pivotal Apps Manager, incluido en Pivotal Application Service, en versiones 2.2.x anteriores a la 2.2.1, versiones 2.1.x anteri... • https://pivotal.io/security/cve-2018-11044 • CWE-20: Improper Input Validation •