Authentication flaw

2020-01-0900:15:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcatâ€™s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

CPENameOperatorVersion
operations_managerge2.7.0
operations_managerlt2.7.5
operations_managerge2.6.0
operations_managerlt2.6.16
operations_managerge2.4.0
operations_managerlt2.4.27
operations_managerge2.5.0
operations_managerlt2.5.24

Name	Operator	Version
operations_manager	ge	2.7.0
operations_manager	lt	2.7.5
operations_manager	ge	2.6.0
operations_manager	lt	2.6.16
operations_manager	ge	2.4.0
operations_manager	lt	2.4.27
operations_manager	ge	2.5.0
operations_manager	lt	2.5.24

References

pivotal.io/security/cve-2019-11292