Cloud Foundry · Cloud Foundry Uaa · CVE-2018-15754
**Name of the Vulnerable Software and Affected Versions**
Cloud Foundry UAA versions prior to 66.0
**Description**
The issue concerns an authorization logic error in environments with multiple identity providers where accounts have the same username across different providers. A remote authenticated user with access to one account may be able to obtain a token for an account with the same username in another identity provider.
**Recommendations**
For versions prior to 66.0, update to version 66.0 or later to resolve the issue.