BID:106019

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability

CVE-2018-15759 |

Info

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability

Bugtraq ID:	106019
Class:	Design Error
CVE:	CVE-2018-15759
Remote:	Yes
Local:	No
Published:	Nov 27 2018 12:00AM
Updated:	Nov 27 2018 12:00AM
Credit:	GE Digital Security Team
Vulnerable:	Pivotal Cloud Foundry On Demand Services SDK 0 Pivotal Cloud Foundry Broker API 0

Not Vulnerable:	Pivotal Cloud Foundry On Demand Services SDK 0.24 Pivotal Cloud Foundry Broker API 3.0.2

Discussion

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability

Multiple Pivotal Cloud Foundry Products are prone to an access-bypass vulnerability.

Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.

Exploit / POC

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability

References:

Pivotal Homepage (Pivotal)
CVE-2018-15759: On Demand Services SDK Timing Attack Vulnerability (Pivotal)