// For flags

CVE-2019-11270

UAA clients.write vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

Cloud Foundry UAA versiones anteriores a v73.4.0, contienen una vulnerabilidad en la que un cliente malicioso bajo posesiĆ³n de la autoridad o el alcance "clients.write" puede omitir las restricciones impuestas a los clientes creados por medio de "clients.write" y crear clientes con alcances arbitrarios que no poseen.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-18 CVE Reserved
  • 2019-08-05 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pivotal Software
Search vendor "Pivotal Software"
Application Service
Search vendor "Pivotal Software" for product "Application Service"
>= 2.3.0 < 2.3.15
Search vendor "Pivotal Software" for product "Application Service" and version " >= 2.3.0 < 2.3.15"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Application Service
Search vendor "Pivotal Software" for product "Application Service"
>= 2.4.0 < 2.4.11
Search vendor "Pivotal Software" for product "Application Service" and version " >= 2.4.0 < 2.4.11"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Application Service
Search vendor "Pivotal Software" for product "Application Service"
>= 2.5.0 < 2.5.7
Search vendor "Pivotal Software" for product "Application Service" and version " >= 2.5.0 < 2.5.7"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Application Service
Search vendor "Pivotal Software" for product "Application Service"
>= 2.6.0 < 2.6.2
Search vendor "Pivotal Software" for product "Application Service" and version " >= 2.6.0 < 2.6.2"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Cloud Foundry Uaa
Search vendor "Pivotal Software" for product "Cloud Foundry Uaa"
< 73.4.0
Search vendor "Pivotal Software" for product "Cloud Foundry Uaa" and version " < 73.4.0"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
>= 2.3.0 < 2.3.22
Search vendor "Pivotal Software" for product "Operations Manager" and version " >= 2.3.0 < 2.3.22"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
>= 2.4.0 < 2.4.16
Search vendor "Pivotal Software" for product "Operations Manager" and version " >= 2.4.0 < 2.4.16"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
>= 2.5.0 < 2.5.10
Search vendor "Pivotal Software" for product "Operations Manager" and version " >= 2.5.0 < 2.5.10"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
>= 2.6.0 < 2.6.4
Search vendor "Pivotal Software" for product "Operations Manager" and version " >= 2.6.0 < 2.6.4"
-
Affected