First published: Mon Nov 19 2018
Pivotal Cloud Foundry On Demand Services SDK versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
Credit: security_alert@emc.com
Affected Software | Affected Version |
---|---|
Pivotal Software Broker API | <3.0.2 |
Pivotal Software On Demand Services SDK | <0.24.0 |
CVE-2018-15759 is a vulnerability in Pivotal Cloud Foundry On Demand Services SDK versions prior to 0.24 which allows a remote unauthenticated attacker to infer valid credentials and gain unauthorized access to perform actions.
CVE-2018-15759 has a severity rating of 9.8, which is considered critical.
Pivotal Broker API versions below 3.0.2 and Pivotal On Demand Services SDK versions below 0.24.0 are affected by CVE-2018-15759.
An attacker can exploit CVE-2018-15759 by making multiple requests to the service broker with different credentials to infer valid credentials and gain unauthorized access.
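One way to spot the request pattern described above in service broker access logs, as an added example that is not part of the advisory or the SDK: it flags any client that accumulates many 401 responses inside a sliding time window. The log line format, the threshold, the window and the sample lines are assumptions made for this example, and each client's lines are assumed to appear in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed access-log format (constructed for this example, not the broker's own):
#   <ISO-8601 timestamp> <client ip> "<METHOD> <path>" <status>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)

def find_credential_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak number of 401s seen inside one window} for every
    client that reaches `threshold` failed authentications within `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of 401s still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "401":
            continue  # ignore unparsable lines and anything but auth failures
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def _line(ts, ip, request, status):
    return f'{ts.isoformat()} {ip} "{request}" {status}'

# Constructed sample log (documentation IP ranges, Open Service Broker API paths).
_T0 = datetime(2018, 11, 19, 10, 0, 0)
SAMPLE_LOG = (
    # one client failing authentication every 2 seconds
    [_line(_T0 + timedelta(seconds=2 * i), "203.0.113.7", "GET /v2/catalog", 401)
     for i in range(8)]
    # an operator who mistypes a password twice, then succeeds
    + [_line(_T0 + timedelta(seconds=5), "192.0.2.10", "GET /v2/catalog", 401),
       _line(_T0 + timedelta(seconds=9), "192.0.2.10", "GET /v2/catalog", 401),
       _line(_T0 + timedelta(seconds=14), "192.0.2.10", "GET /v2/catalog", 200)]
    # failures spaced 5 minutes apart never share a 60-second window
    + [_line(_T0 + timedelta(minutes=5 * i), "198.51.100.9",
             "PUT /v2/service_instances/example-id", 401) for i in range(6)]
)

if __name__ == "__main__":
    for ip, peak in find_credential_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed authentications within 60s")
```

The third client in the sample shows the limit of a short window: slow guessing stays under the threshold, so a longer window or a per-day count is needed to catch it.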
More information about CVE-2018-15759 is available at the following references: [http://www.securityfocus.com/bid/106019](http://www.securityfocus.com/bid/106019) and [https://pivotal.io/security/cve-2018-15759](https://pivotal.io/security/cve-2018-15759).