CVE-2018-11082

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
dellCNA
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
pivotal_softwarecloudfoundry_uaa
𝑥
< 4.20.0
pivotal_softwarecloudfoundry_uaa_release
𝑥
< 61.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cloudfoundry.org/blog/cve-2018-11082/
https://www.cloudfoundry.org/blog/cve-2018-11082/