Vulnerability Name: CVE-2018-11047 (CCN-147859)
Assigned: 2018-07-18
Published: 2018-07-18
Updated: 2019-10-03
Summary: Cloud Foundry UAA, versions 4.19 prior to 4.19.2, 4.12 prior to 4.12.4, 4.10 prior to 4.10.2, 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, so the possessor of a refresh token can keep authenticating for longer than expected. This affects the administrative endpoints of the UAA, e.g. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): High; Availability (A): None
CCN CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None
CCN CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None
Vulnerability Type: CWE-863
Vulnerability Consequences: Bypass Security
References:
Source: MITRE, Type: CNA, CVE-2018-11047
Source: XF, Type: UNKNOWN, cloudfoundry-cve201811047-sec-bypass(147859)
Source: CCN, Type: Cloud Foundry Blog, July 18, 2018, CVE-2018-11047: UAA accepts refresh token as access token on admin endpoints
Source: CONFIRM, Type: Mitigation, Vendor Advisory, https://www.cloudfoundry.org/blog/cve-2018-11047/
Source: CCN, Type: IBM Security Bulletin 731715 (Cloud Private), A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-11047)
Source: CCN, Type: WhiteSource Vulnerability Database, CVE-2018-11047
Vulnerable Configuration:
Configuration 1:
cpe:/a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* (Version >= 4.5.0 and < 4.5.7)
OR cpe:/a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* (Version >= 4.7.0 and < 4.7.6)
OR cpe:/a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* (Version >= 4.10.0 and < 4.10.2)
OR cpe:/a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* (Version >= 4.12.0 and < 4.12.4)
OR cpe:/a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* (Version >= 4.19.0 and < 4.19.2)
Configuration CCN 1:
cpe:/a:pivotal_software:cloud_foundry_uaa:4.19.0:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa-release:60:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa:4.12.0:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa:4.10.0:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa:4.7.0:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa:4.5.0:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa-release:57:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa-release:55:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa-release:52:*:*:*:*:*:*:*
OR cpe:/a:pivotal_software:cloud_foundry_uaa-release:45:*:*:*:*:*:*:*
AND cpe:/a:ibm:cloud_private:2.1.0:*:*:*:*:*:*:*
Vulnerable components (vendor, product, version):
pivotal_software    cloud foundry uaa            * (version ranges as in Configuration 1)
pivotal_software    cloud foundry uaa            4.19.0
pivotal_software    cloud foundry uaa-release    60
pivotal_software    cloud foundry uaa            4.12.0
pivotal_software    cloud foundry uaa            4.10.0
pivotal_software    cloud foundry uaa            4.7.0
pivotal_software    cloud foundry uaa            4.5.0
pivotal_software    cloud foundry uaa-release    57
pivotal_software    cloud foundry uaa-release    55
pivotal_software    cloud foundry uaa-release    52
pivotal_software    cloud foundry uaa-release    45
ibm                 cloud private                2.1.0
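The Summary above describes the flaw in one sentence: an endpoint that only checks that a bearer token is validly signed, unexpired and carries the right scope will also accept a refresh token, and because refresh tokens live far longer than access tokens, that extends the attacker's window. The following is an added illustration, not code from Cloud Foundry UAA or from any of the referenced advisories. It mints an HS256 access/refresh pair with a constructed key and constructed lifetimes (one hour and thirty days, chosen for the demo), then runs both tokens through a weak authorizer that reproduces the described behaviour and a fixed one that refuses anything other than an access token. The "-r" jti suffix used to mark refresh tokens is a convention chosen for this demo; how UAA itself distinguishes the two token types is not stated on this page.

```python
"""Accepting a refresh token where an access token is expected (CVE-2018-11047 pattern).

Added example, not Cloud Foundry UAA code. All keys, timestamps, lifetimes and
the "-r" refresh-token marker are constructed for the demonstration.
"""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-signing-key"   # constructed; not a real UAA key
ISSUED_AT = 1_531_900_000                  # constructed issue time (epoch seconds)
ACCESS_TTL = 60 * 60                       # illustrative: access token lives 1 hour
REFRESH_TTL = 30 * 24 * 60 * 60            # illustrative: refresh token lives 30 days
REFRESH_SUFFIX = "-r"                      # demo convention for a refresh token's jti


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims: dict) -> str:
    """Sign a compact JWT (HS256) with the demo key."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def issue_pair(now: int, user: str, scopes: list) -> tuple:
    """Issue an access/refresh pair: same subject and scopes, but the refresh
    token is valid for much longer, exactly the property the advisory warns about."""
    base = {"sub": user, "scope": scopes, "iat": now}
    access = mint({**base, "jti": "tok-1", "exp": now + ACCESS_TTL})
    refresh = mint({**base, "jti": "tok-1" + REFRESH_SUFFIX, "exp": now + REFRESH_TTL})
    return access, refresh


def verify_signature(token: str):
    """Return the claims if the HS256 signature verifies, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(SECRET, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        return None
    return json.loads(_b64url_decode(parts[1]))


def authorize_weak(token: str, now: int, required_scope: str) -> bool:
    """Reproduces the described flaw: any validly signed, unexpired token with
    the required scope is accepted, refresh tokens included."""
    claims = verify_signature(token)
    if claims is None or claims["exp"] <= now:
        return False
    return required_scope in claims.get("scope", [])


def authorize_fixed(token: str, now: int, required_scope: str) -> bool:
    """Same checks, plus an explicit token-type check that rejects refresh tokens."""
    claims = verify_signature(token)
    if claims is None or claims["exp"] <= now:
        return False
    if claims.get("jti", "").endswith(REFRESH_SUFFIX):   # demo marker for refresh tokens
        return False
    return required_scope in claims.get("scope", [])


def demo() -> dict:
    """Walk the timeline: two hours after issue the access token is dead, but the
    weak check still honours the refresh token for the rest of its 30 days."""
    access, refresh = issue_pair(ISSUED_AT, "admin", ["scim.read", "scim.write"])
    later = ISSUED_AT + 2 * ACCESS_TTL
    return {
        "weak_access_fresh": authorize_weak(access, ISSUED_AT, "scim.read"),
        "weak_access_later": authorize_weak(access, later, "scim.read"),
        "weak_refresh_later": authorize_weak(refresh, later, "scim.read"),    # the bug
        "fixed_access_fresh": authorize_fixed(access, ISSUED_AT, "scim.read"),
        "fixed_refresh_fresh": authorize_fixed(refresh, ISSUED_AT, "scim.read"),
        "fixed_refresh_later": authorize_fixed(refresh, later, "scim.read"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {'ACCEPTED' if ok else 'rejected'}")
```

The fix is a one-line type check, but the lesson generalizes: a resource server must verify that the credential presented is the kind of credential the endpoint expects, not merely that it was issued by a trusted authority. The caveat in the Summary also holds for the weak path: a refresh token only buys time while the user, the user's groups and the client still exist, so revocation of any of those cuts the window short.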