VYPR
High severity8.8NVD Advisory· Published Mar 19, 2018· Updated Jun 17, 2026

CVE-2018-1195

CVE-2018-1195

Description

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: <1.46.0
  • Dell EMC/Cloud Controllerv5
    Range: You are using Cloud Controller version prior to 1.46.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.