CRITICAL🇵🇱 Wersja polska

CVE-2019-3793

CVSS 9.8v3.1pub. 2019-04-24upd. 2024-11-21

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pivotal Software Application Service

    APP
    Pivotal Software
    665.0.0 – 665.0.28 (bez)666.0.0 – 666.0.21 (bez)667.0.0 – 667.0.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-11270HIGH7.5ten sam produkt

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...

CVE-2019-3777HIGH8.0ten sam produkt

Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4...

CVE-2019-11276MEDIUM5.4ten sam produkt

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2...

CVE-2018-1273CRITICAL9.8⚠ KEVten sam vendor

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2020-5415CRITICAL10.0ten sam vendor

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnera...