{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T11:34:30.098","vulnerabilities":[{"cve":{"id":"CVE-2024-38806","sourceIdentifier":"security@vmware.com","published":"2024-07-18T19:15:12.057","lastModified":"2026-06-17T07:41:04.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation  v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 ,\n potentially resulting in users retaining access rights they should not \nhave.  This can allow them to perform operations beyond their intended \npermissions."},{"lang":"es","value":"No sincronizar correctamente los permisos del usuario en UAA en Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0, lo que podría provocar que los usuarios conserven derechos de acceso que no deberían tener. Esto puede permitirles realizar operaciones más allá de sus permisos previstos."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"n/a","product":"UAA","defaultStatus":"unaffected","versions":[{"version":"v77.10.0 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-07-18T19:24:47.556090Z","id":"CVE-2024-38806","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-440"}]}],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2024-38806-uaa-failure-to-remove-shadow-users-access","source":"security@vmware.com"},{"url":"https://www.cloudfoundry.org/blog/cve-2024-38806-uaa-failure-to-remove-shadow-users-access","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}