CVE-2018-1200 - Vulnerability Details - OpenCVE

Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Pivotal Application Service

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:pivotal_application_service::::::::
	cpe:2.3:a:pivotal_software:pivotal_application_service::::::::
	cpe:2.3:a:pivotal_software:pivotal_application_service::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103042
https://pivotal.io/security/cve-2018-1200

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-03-16T20:00:00Z

Updated: 2024-09-16T16:17:36.254Z

Reserved: 2017-12-06T00:00:00

Link: CVE-2018-1200

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-16T20:29:00.493

Modified: 2024-11-21T03:59:22.930

Link: CVE-2018-1200

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apps Manager for PCF", "vendor": "Dell EMC", "versions": [{"status": "affected", "version": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."}]}], "datePublic": "2018-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."}], "problemTypes": [{"descriptions": [{"description": "File Access Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-17T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-1200"}, {"name": "103042", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103042"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-02-13T00:00:00", "ID": "CVE-2018-1200", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apps Manager for PCF", "version": {"version_data": [{"version_value": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."}]}}]}, "vendor_name": "Dell EMC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "File Access Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2018-1200", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-1200"}, {"name": "103042", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103042"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:49.055Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2018-1200"}, {"name": "103042", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103042"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1200", "datePublished": "2018-03-16T20:00:00Z", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2024-09-16T16:17:36.254Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "440F9448-CE31-4B5E-AAE5-49090C778C75", "versionEndExcluding": "1.11.26", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1B6933D-5A29-4EA9-9A11-FD33C9E00D2F", "versionEndExcluding": "1.12.14", "versionStartIncluding": "1.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ADE4365-9AC1-4739-B52A-CEDFE88BCF6E", "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."}, {"lang": "es", "value": "Apps Manager for PCF (Pivotal Application Service en versiones 1.11.x anteriores a la 1.11.26, versiones 1.12.x anteriores a la 1.12.14 y versiones 2.0.x anteriores a la 2.0.5) permite la lectura remota sin autorizaci\u00f3n en su contenedor mediante enlaces especialmente manipulados."}], "id": "CVE-2018-1200", "lastModified": "2024-11-21T03:59:22.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-16T20:29:00.493", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103042"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1200"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}