Description
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-532CWE-532
Metadata
- Primary Vendor
- PIVOTAL_SOFTWARE
- Published
- 1/9/2020
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
pivotal_software : operations_managerpivotal_software : operations_managerpivotal_software : operations_managerpivotal_software : operations_manager
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.