CVE-2018-11082
- Source
- https://cve.org/CVERecord?id=CVE-2018-11082
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11082.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-11082
- Published
- 2018-10-05T21:29:00.637Z
- Modified
- 2026-04-10T04:04:18.968852Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
- References
Affected packages
Git / github.com/cloudfoundry/uaa
Affected ranges
Affected versions
1.*
1.0.1
1.0.3
1.1
1.1.1
1.1.2
1.2.0
1.2.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.1
1.6.2
1.8.0
4.*
4.10.0
4.11.0
4.12.0
4.15.0
4.16.0
4.17.0
4.18.0
4.19.0
4.9.0
Other
ci-upgrade
travis-success-1475
travis-success-1478
travis-success-1497
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
releases/4.*
releases/4.15.0
v12.*
v12.3