admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-12xx/CVE-2018-1264.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

125 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-1264",
"sourceIdentifier": "security_alert@emc.com",
"published": "2018-10-05T21:29:00.873",
"lastModified": "2019-10-09T23:38:17.977",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation."
},
{
"lang": "es",
"value": "Cloud Foundry Log Cache, en versiones anteriores a la 1.1.1, registra el secreto UAA del cliente al arranque como parte de su informe envstruct. Un atacante remoto que ha obtenido acceso a la m\u00e1quina virtual Log Cache puede leer este secreto, obteniendo todos los privilegios obtenidos por el cliente UAA Log Cache. En el peor de los casos, si este cliente es un administrador, el atacante obtendr\u00eda el control total de Foundation."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_log_cache:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.1",
"matchCriteriaId": "72396C1B-D6C5-4DDC-8082-409E816CB73F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2018-1264/",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink