CVE-2019-3793

Summary

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.

Affected Software

VendorProductVersion RangeStatus
PivotalApps Manager666 < 666.0.21affected
PivotalApps Manager667 < 667.0.7affected
PivotalApps Manager665 < 665.0.28affected

Weaknesses

  • CWE-300: CWE-300: Man-in-the-Middle

ADP Enrichment

CVE Program Container

Additional References

References