Search criteria
3 vulnerabilities found for credhub_service_broker by pivotal_software
FKIE_CVE-2018-15795
Vulnerability from fkie_nvd - Published: 2018-11-13 14:29 - Updated: 2024-11-21 03:51
Severity ?
8.1 (High) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/105915 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2018-15795 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105915 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2018-15795 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal_software | credhub_service_broker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:credhub_service_broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB374DB4-B1AA-4AD9-B83E-4B7C9AB76CE9",
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker\u0027s UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
},
{
"lang": "es",
"value": "Dell EMC RecoverPoint, en versiones anteriores a la 5.1.2.1 y RecoverPoint for VMs en versiones anteriores a la 5.2.0.2, contienen una vulnerabilidad de consumo de recursos no controlado. Un usuario boxmgmt malicioso podr\u00eda ser capaz de consumir grandes cantidades de banda ancha de CPU para hacer que el sistema se ralentice o determine la existencia de cualquier archivo del sistema mediante la interfaz de l\u00ednea de comandos de Boxmgmt."
}
],
"id": "CVE-2018-15795",
"lastModified": "2024-11-21T03:51:27.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 5.8,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-13T14:29:00.340",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105915"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2018-15795"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-15795 (GCVE-0-2018-15795)
Vulnerability from cvelistv5 – Published: 2018-11-13 14:00 – Updated: 2024-09-16 16:47
VLAI?
Title
CredHub Service Broker uses guessable client secret
Summary
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
Severity ?
8.1 (High)
CWE
- Predictability problems
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal Cloud Foundry | CredHub Service Broker |
Affected:
all versions , < 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CredHub Service Broker",
"vendor": "Pivotal Cloud Foundry",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker\u0027s UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Predictability problems",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105915"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CredHub Service Broker uses guessable client secret",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-09T08:00:00.000Z",
"ID": "CVE-2018-15795",
"STATE": "PUBLIC",
"TITLE": "CredHub Service Broker uses guessable client secret"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CredHub Service Broker",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "all versions",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Pivotal Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker\u0027s UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Predictability problems"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15795",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105915"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-15795",
"datePublished": "2018-11-13T14:00:00Z",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-09-16T16:47:36.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15795 (GCVE-0-2018-15795)
Vulnerability from nvd – Published: 2018-11-13 14:00 – Updated: 2024-09-16 16:47
VLAI?
Title
CredHub Service Broker uses guessable client secret
Summary
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
Severity ?
8.1 (High)
CWE
- Predictability problems
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal Cloud Foundry | CredHub Service Broker |
Affected:
all versions , < 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CredHub Service Broker",
"vendor": "Pivotal Cloud Foundry",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker\u0027s UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Predictability problems",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105915"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CredHub Service Broker uses guessable client secret",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-09T08:00:00.000Z",
"ID": "CVE-2018-15795",
"STATE": "PUBLIC",
"TITLE": "CredHub Service Broker uses guessable client secret"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CredHub Service Broker",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "all versions",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Pivotal Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker\u0027s UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Predictability problems"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15795",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105915"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-15795",
"datePublished": "2018-11-13T14:00:00Z",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-09-16T16:47:36.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}