CVE-2019-3776

Summary

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

Affected Software

VendorProductVersion RangeStatus
PivotalPivotal Ops Manager2.2 < 2.2.16affected
PivotalPivotal Ops Manager2.3 < 2.3.10affected
PivotalPivotal Ops Manager2.4 < 2.4.3affected
PivotalPivotal Ops Manager2.1 < 2.1.19affected

Weaknesses

  • CWE-79: CWE-79: Cross-site Scripting (XSS) - Reflected

ADP Enrichment

CVE Program Container

Additional References

References