Is CVE-2019-11276 actively exploited?

CVE-2019-11276 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-11276?

CVE-2019-11276 has a CVSS score of 5.4 (MEDIUM severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

How do I patch CVE-2019-11276?

Patch guidance is available from pivotal software security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-11276.

CVE-2019-11276 - remediation guidance & executive summary

Q: Which products are affected by CVE-2019-11276?

4 products: pivotal software application service, pivotal software application service, pivotal software application service, pivotal software application service.

Description

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none
Weaknesses: CWE-319 CWE-319

Metadata

Primary Vendor: PIVOTAL_SOFTWARE
Published: 8/19/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

pivotal_software : application_servicepivotal_software : application_servicepivotal_software : application_servicepivotal_software : application_service

Remediation Guidance

Executive Summary

View on NIST NVD