All Vulnerability Reports

CVE-2018-11083: BOSH accepts refresh token as access token


Severity

High

References

Vendor

Cloud Foundry Foundation

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Operations Manager
    • 2.2.x versions prior to 2.2.2
    • 2.1.x versions prior to 2.1.11
    • 2.0.x versions prior to 2.0.20

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.2.2, 2.1.11, 2.0.20