PT-2018-10912 · Cloud Foundry Foundation · Uaa+3

Published: 2018-02-01 · Updated: 2022-05-14 · CVE-2018-1192

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Foundation cf-release versions prior to v285
cf-deployment versions prior to v1.7
UAA 4.5.x versions prior to 4.5.5
UAA 4.7.x versions prior to 4.7.4
UAA 4.8.x versions prior to 4.8.3
UAA-release 45.7.x versions prior to 45.7
UAA-release 52.7.x versions prior to 52.7
UAA-release 53.3.x versions prior to 53.3

Description

The issue allows an attacker to impersonate a logged-in user by using the SessionID logged in audit event logs.

Recommendations

For Cloud Foundry Foundation cf-release versions prior to v285, update to version v285 or later.
For cf-deployment versions prior to v1.7, update to version v1.7 or later.
For UAA 4.5.x versions prior to 4.5.5, update to version 4.5.5 or later.
For UAA 4.7.x versions prior to 4.7.4, update to version 4.7.4 or later.
For UAA 4.8.x versions prior to 4.8.3, update to version 4.8.3 or later.
For UAA-release 45.7.x versions prior to 45.7, update to version 45.7 or later.
For UAA-release 52.7.x versions prior to 52.7, update to version 52.7 or later.
For UAA-release 53.3.x versions prior to 53.3, update to version 53.3 or later.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2018-1192
GHSA-XG5V-696H-C3VR

Affected products

Uaa
Uaa-Release
Cf-Deployment
Cf-Release