CVE-2019-11292

Summary

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

Affected Software

VendorProductVersion RangeStatus
PivotalPivotal Ops Manager2.7 < 2.7.5affected
PivotalPivotal Ops Manager2.6 < 2.6.16affected
PivotalPivotal Ops Manager2.5 < 2.5.24affected
PivotalPivotal Ops Manager2.4 < 2.4.27affected

Weaknesses

  • CWE-532: CWE-532: Inclusion of Sensitive Information in Log Files

ADP Enrichment

CVE Program Container

Additional References

References