CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. • https://www.cloudfoundry.org/blog/cve-2018-1231 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Pivotal Spring Batch Admin, all versions, does not contain cross-site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. • http://www.securityfocus.com/bid/103463 • https://pivotal.io/security/cve-2018-1230 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life. • http://www.securityfocus.com/bid/103462 • https://pivotal.io/security/cve-2018-1229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. • https://www.cloudfoundry.org/blog/cve-2018-1197 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links. • http://www.securityfocus.com/bid/103042 • https://pivotal.io/security/cve-2018-1200 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor