CVE-2019-3790
6.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Pivotal Ops Manager | 2.3 < 2.3.16 | affected |
| Pivotal | Pivotal Ops Manager | 2.4 < 2.4.11 | affected |
| Pivotal | Pivotal Ops Manager | 2.2 < 2.2.23 | affected |
| Pivotal | Pivotal Ops Manager | 2.5 < 2.5.3 | affected |
Weaknesses
- CWE-324: CWE-324: Use of a Key Past its Expiration Date
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.