Unrated severity · NVD Advisory · Published Jul 24, 2018 · Updated Sep 16, 2024

CVE-2018-11044

Description

Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.

Affected products

2
  • Range: 2.2.x < 2.2.1, 2.1.x < 2.1.8, 2.0.x < 2.0.17, 1.12.x < 1.12.26
  • Pivotal/Pivotal Application Servicev5
    Range: 2.2.x
