Vulnerability in Pivotal Application Service

CVE-2018-1278

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations…

EPSS: 0.003 (54.8th percentile) — read the EPSS interpretation.

Affected products

Pivotal Application Service — versions 1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4

References

pivotal.io/security/cve-2018-1278 (x_refsource_CONFIRM)
104227 (vdb-entry, x_refsource_BID)