IBMB10598CA234DF73E17FC415BDE7C651B9CE284E7F41CFC04D1B688B16BD50F1ASecurity Bulletin: Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3800)
0.002 Low
EPSS
Percentile
59.6%
Summary
Security Vulnerability affects Cloud Foundry for IBM Cloud Private
Vulnerability Details
CVEID: CVE-2019-3800 DESCRIPTION: Pivotal Cloud Foundry CL could allow a local authenticated attacker to obtain sensitive information, caused by storing sensitive information in the config when user authenticated. By accessing the config file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164895> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Cloud Foundry for IBM Cloud Private 3.2.0, 3.2.1
Remediation/Fixes
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
- Cloud Foundry for IBM Cloud Private 3.2.1
- Cloud Foundry for IBM Cloud Private 3.2.0
For Cloud Foundry for IBM Cloud Private 3.2.0, apply fix pack:
For Cloud Foundry for IBM Cloud Private 3.2.1:
- Upgrade to the latest Continuous Delivery (CD) update package, Cloud Foundry for IBM Cloud Private 3.2.1.
- If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| cloud foundry | eq | any |
Related
0.002 Low
EPSS
Percentile
59.6%