{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T05:52:58.611","vulnerabilities":[{"cve":{"id":"CVE-2018-15754","sourceIdentifier":"security_alert@emc.com","published":"2018-12-13T22:29:00.280","lastModified":"2024-11-21T03:51:24.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider."},{"lang":"es","value":"Cloud Foundry UAA, en versiones 60 anteriores a la 66.0, contiene un error de lógica de autorización. En entornos con múltiples proveedores de identidad que contienen cuentas en varios proveedores de identidad con el mismo nombre de usuario, un usuario autenticado remoto con acceso a una de estas cuentas podría ser capaz de obtener un token para una cuenta del mismo nombre de usuario en el otro proveedor de identidad."}],"metrics":{"cvssMetricV30":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:*:*:*:*:*:*:*:*","versionStartIncluding":"60.0","versionEndExcluding":"66.0","matchCriteriaId":"A809A29E-136F-473A-A300-9D2387CC20EE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106240","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cloudfoundry.org/blog/cve-2018-15754","source":"security_alert@emc.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.cloudfoundry.org/blog/cve-2018-15754/","source":"security_alert@emc.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/106240","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cloudfoundry.org/blog/cve-2018-15754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.cloudfoundry.org/blog/cve-2018-15754/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}