{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T11:03:48.483","vulnerabilities":[{"cve":{"id":"CVE-2018-1262","sourceIdentifier":"security_alert@emc.com","published":"2018-05-15T20:29:00.400","lastModified":"2024-11-21T03:59:29.547","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation."},{"lang":"es","value":"Cloud Foundry Foundation UAA, en versiones 4.12.X y 4.13.X, introdujo una característica que podría permitir el escalado de privilegios en zonas de identidad para clientes que realizan validación offline. Un administrador de zona podría configurar su zona para enviar tokens que suplanten otra zona, otorgando hasta privilegios de administrador en la zona suplantada a clientes que realizan la validación offline de tokens."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.0:*:*:*:*:*:*:*","matchCriteriaId":"7480F5D5-5026-4C8B-8325-EC15002D87C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.1:*:*:*:*:*:*:*","matchCriteriaId":"0AC7AFD3-BDAC-4694-A46A-6E41202D179D"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.2:*:*:*:*:*:*:*","matchCriteriaId":"39FF09DA-7436-44E0-8470-8DDABE86E84B"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.0:*:*:*:*:*:*:*","matchCriteriaId":"138B9594-F174-43C7-986D-E6E1E451DC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.1:*:*:*:*:*:*:*","matchCriteriaId":"B91C8D98-87DF-4220-B553-9FCA6A6B678A"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.2:*:*:*:*:*:*:*","matchCriteriaId":"61CBCE45-C898-408E-8B1E-2BDE98D067B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.3:*:*:*:*:*:*:*","matchCriteriaId":"5596E255-3D39-48EF-80DE-1C3E2B04FCE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.4:*:*:*:*:*:*:*","matchCriteriaId":"B508C6DA-4A2C-4A6A-A7FE-E1E364E71FA0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57:*:*:*:*:*:*:*","matchCriteriaId":"467E8D2D-46DC-4AFE-BC54-FDB1BA6B7C5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.1:*:*:*:*:*:*:*","matchCriteriaId":"0CE652B1-F205-41ED-A9F2-5B13FE945B7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58:*:*:*:*:*:*:*","matchCriteriaId":"484DAC96-B3F0-42F0-95A7-A726BF4D9BE5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*","versionStartIncluding":"1.27.0","versionEndIncluding":"1.31.0","matchCriteriaId":"8CA93BC7-3544-4C8C-9968-71BD3BB13CEF"}]}]}],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2018-1262/","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"https://www.cloudfoundry.org/blog/cve-2018-1262/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}