MEDIUM🇬🇧 English

CVE-2019-3790

CVSS 6.1v3.0pub. 2019-06-06upd. 2024-11-21

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
  • Pivotal Software Operations Manager

    APP
    Pivotal Software
    2.2.0 – 2.2.23 (bez)2.3.0 – 2.3.16 (bez)2.4.0 – 2.4.11 (bez)2.5.0 – 2.5.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-15762CRITICAL9.0ten sam produkt

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x pri...

CVE-2016-0897CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, ...

CVE-2016-0883CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption k...

CVE-2019-11270HIGH7.5ten sam produkt

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...

CVE-2019-3776HIGH7.2ten sam produkt

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions pri...