High severity8.8NVD Advisory· Published Mar 19, 2018· Updated Jun 17, 2026
CVE-2018-1195
CVE-2018-1195
Description
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.46.0
- Dell EMC/Cloud Controllerv5Range: You are using Cloud Controller version prior to 1.46.0
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2018-1195/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.