CVE-2019-11292
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Pivotal Ops Manager | 2.7 < 2.7.5 | affected |
| Pivotal | Pivotal Ops Manager | 2.6 < 2.6.16 | affected |
| Pivotal | Pivotal Ops Manager | 2.5 < 2.5.24 | affected |
| Pivotal | Pivotal Ops Manager | 2.4 < 2.4.27 | affected |
Weaknesses
- CWE-532: CWE-532: Inclusion of Sensitive Information in Log Files
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.