Pivotal Software Operations Manager 2.4.6

CPE Details

Pivotal Software Operations Manager 2.4.6
pivotal_software
operations_manager
2.4.6
2019-05-30
19h03 +00:00
2019-05-30
19h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pivotal_software:operations_manager:2.4.6:*:*:*:*:*:*:*

Informations

Vendor

pivotal_software

Product

operations_manager

Version

2.4.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-11292 2020-01-08 23h55 +00:00 Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
6.5
Medium
CVE-2019-11270 2019-08-05 16h21 +00:00 Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
7.5
High
CVE-2019-3790 2019-06-06 19h16 +00:00 The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
6.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.