Is CVE-2018-1264 actively exploited?

CVE-2018-1264 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-1264?

CVE-2018-1264 has a CVSS score of 9.1 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2018-1264?

Patch guidance is available from pivotal software security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-1264.

Which products are affected by CVE-2018-1264?

1 product: pivotal software cloud foundry log cache.

Fix CVE-2018-1264 - CRITICAL

Description

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-532

Metadata

Primary Vendor: PIVOTAL_SOFTWARE
Published: 10/5/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2018-1264

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary