CVE-2018-1190

NONE EPSS 53.1%
Published Jan 4, 2018 · Last Modified Jun 17, 2026

Description

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.

Threat Intelligence

EPSS Exploit Probability
53.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 3

Vendor        Product     Version  Range
cloudfoundry  cf-release  *        ≤269
pivotal       uaa         *        ≥3.0.0 – ≤3.20.1
pivotal       uaa_bosh    *        ≤44

References 2

  • securityfocus.com http://www.securityfocus.com/bid/102427
    Third Party Advisory, VDB Entry
  • cloudfoundry.org https://www.cloudfoundry.org/cve-2018-1190/
    Issue Tracking, Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.