The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NPivotal Software Operations Manager
APPPivotal Software2.2.0 – 2.2.23 (bez)2.3.0 – 2.3.16 (bez)2.4.0 – 2.4.11 (bez)2.5.0 – 2.5.3 (bez)
Powiązane podatności
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x pri...
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, ...
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption k...
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions pri...