CVE-2019-11268 MEDIUM

CVE-2019-11268: UAA SQL Identity Zone Vulnerability

Vendor: Cloud Foundry
Product: UAA Release (OSS)
Weakness: CWE-200 · Info exposure
Published: July 11, 2019
Last update: September 17, 2024

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

Key dates

02 Disclosure timeline

July 11, 2019: CVE published
September 17, 2024: Record updated