CVE-2018-11083: BOSH accepts refresh token as access token
Severity
High
References
Vendor
Cloud Foundry Foundation
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Operations Manager
- 2.2.x versions prior to 2.2.2
- 2.1.x versions prior to 2.1.11
- 2.0.x versions prior to 2.0.20
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Pivotal Operations Manager: 2.2.2, 2.1.11, 2.0.20