CVE-2018-15795 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2018-15795

CVE-2018-15795

November 13, 2018

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.

Related Resources (4)

https://github.com/advisories/GHSA-q3jg-4c82-j4xh

https://nvd.nist.gov/vuln/detail/CVE-2018-15795

https://pivotal.io/security/cve-2018-15795

http://www.securityfocus.com/bid/105915

Do you need more information?

CVSS v4

Base Score:

9.2

Attack Vector

ADJACENT

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

CVSS v2

Base Score:

5.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

EPSS

Base Score:

0.36

Products

Solutions

Resources

Company

Compare

Developer Tools