CVE-2018-15759

CRITICAL

Pivotal Cloud Foundry On Demand Services SDK < 0.24.0 - Credential Brute-Force via Excessive Authentication Attempts

Title source: llm
STIX 2.1

Description

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2018-15759
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106019

Scores

CVSS v3 9.1
EPSS 0.0175
EPSS Percentile 74.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-307
Status published
Products (2)
pivotal_software/broker_api < 3.0.2
pivotal_software/on_demand_services_sdk < 0.24.0
Published Nov 19, 2018
Tracked Since Feb 18, 2026