CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
References
Link Resource
https://pivotal.io/security/cve-2019-11292 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*

Information

Published : 2020-01-08 16:15

Updated : 2020-10-09 06:39


NVD link : CVE-2019-11292

Mitre link : CVE-2019-11292


JSON object : View

CWE
CWE-532

Insertion of Sensitive Information into Log File

Advertisement

dedicated server usa

Products Affected

pivotal_software

  • operations_manager