Multiple Pivotal Cloud Foundry products CVE-2018-1190 Cross Site Scripting Vulnerability

Multiple Pivotal Cloud Foundry products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are affected:

CVE: CVE-2018-1190
Remote: Yes
Local: No
Published: Jan 04 2018 12:00AM
Updated: Jan 04 2018 12:00AM
Credit: Bosch
Vulnerable: Pivotal Software Cloud Foundry UAA BOSH 30.1
Pivotal Software Cloud Foundry UAA BOSH 26
Pivotal Software Cloud Foundry UAA BOSH 24.8
Pivotal Software Cloud Foundry UAA BOSH 24.0
Pivotal Software Cloud Foundry UAA BOSH 13.13
Pivotal Software Cloud Foundry UAA BOSH 13.0
Pivotal Software Cloud Foundry UAA 3.16
Pivotal Software Cloud Foundry UAA 3.11
Pivotal Software Cloud Foundry UAA 3.0
Pivotal Cloud Foundry 243
Pivotal Cloud Foundry 242
Pivotal Cloud Foundry 241
Pivotal Cloud Foundry 233
Pivotal Cloud Foundry 231
Pivotal Cloud Foundry 216
Pivotal Cloud Foundry 215
Pivotal Cloud Foundry 208
Not Vulnerable: Pivotal Software Cloud Foundry UAA BOSH 45.0
Pivotal Software Cloud Foundry UAA BOSH 30.8
Pivotal Software Cloud Foundry UAA 3.20.2
Pivotal Cloud Foundry 270

Leave a Reply