// For flags

CVE-2018-1256

 

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.

Spring Cloud SSO Connector 2.1.2 contiene una regresión que deshabilita la validación de distribuidor en servidores de recursos que no están vinculados al servicio SSO. En despliegues PCF con múltiples planes de servicio SSO, un atacante remoto puede autenticarse en servidores de recursos no vinculados que emplean esta versión de SSO Connector con tokens generados de otro plan de servicio.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-12-06 CVE Reserved
  • 2018-05-07 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://pivotal.io/security/cve-2018-1256 2021-08-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Spring Cloud Sso Connector
Search vendor "Vmware" for product "Spring Cloud Sso Connector"
 2.1.2
Search vendor "Vmware" for product "Spring Cloud Sso Connector" and version "2.1.2"
-
Affected