spring cloud sso connector (vmware) — Vulnerabilities

Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

Vendors · vmware · spring cloud sso connector

spring cloud sso connector

· 1 CVEsvmware · 1 known vulnerabilities

Total

Critical

High

Medium

CISA KEV

CVE-2018-1256HIGH 8.1

May 7, 2018

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.

All vmware products All Vendors CVE Database KEV Catalog