CVE-2020-5406
N/A
N/A
Summary
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | VMware Tanzu Application Service for VMs | 2.8.x < 2.8.5 | affected |
| Pivotal | VMware Tanzu Application Service for VMs | 2.7.x < 2.7.11 | affected |
| Pivotal | VMware Tanzu Application Service for VMs | 2.6.x < 2.6.18 | affected |
Weaknesses
- CWE-522: CWE-522: Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.