1. Home
  2. Vulnerabilities
  3. CVE-2018-15795

CVE-2018-15795

CVSS v3.0 8.1 (High)
81% Progress
CVSS v2.0 5.5 (Medium)
55% Progress
EPSS 0.06 % (25th)
0.06% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.

Weaknesses
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE Status
PUBLISHED
CNA
Dell
Published Date
2018-11-13 14:29:00
(5 years ago)
Updated Date
2019-10-09 23:35:54
(5 years ago)

Affected Products

Pivotal Software

Configuration #1

    CPE23 From Up To
  Pivotal Software Credhub Service Broker prior 1.1.0 version cpe:2.3:a:pivotal_software:credhub_service_broker < 1.1.0