Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-110973
HistoryNov 21, 2019 - 12:00 a.m.

Multiple Cloud Foundry Products CVE-2019-11290 Information Disclosure Vulnerability

2019-11-2100:00:00
Symantec Security Response
www.symantec.com
8

0.002 Low

EPSS

Percentile

54.0%

JSON

Description

Multiple Cloud Foundry Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The following products are affected: Cloud Foundry UAA versions prior to 74.8.0 Cloud Foundry cf-deployment versions prior to 12.10.0

Technologies Affected

  • Cloud Foundry UAA 63.0
  • Cloud Foundry UAA 64.0
  • Cloud Foundry UAA 72.0
  • Cloud Foundry UAA 73.0.0
  • Cloud Foundry UAA 73.3.0
  • Cloud Foundry UAA 73.4.0
  • Cloud Foundry UAA 73.4.2
  • Cloud Foundry UAA 74.0.0
  • Cloud Foundry UAA 74.3.0
  • Cloud Foundry UAA 74.5.0
  • Cloud Foundry UAA 74.7.0
  • Cloud Foundry cf-deployment 0.35.0
  • Cloud Foundry cf-deployment 0.36.0
  • Cloud Foundry cf-deployment 10.0.0
  • Cloud Foundry cf-deployment 10.1.0
  • Cloud Foundry cf-deployment 11.0.0
  • Cloud Foundry cf-deployment 11.1.0
  • Cloud Foundry cf-deployment 12.2.0
  • Cloud Foundry cf-deployment 12.3.0
  • Cloud Foundry cf-deployment 12.4.0
  • Cloud Foundry cf-deployment 12.5.0
  • Cloud Foundry cf-deployment 12.6.0
  • Cloud Foundry cf-deployment 12.7.0
  • Cloud Foundry cf-deployment 12.8.0
  • Cloud Foundry cf-deployment 12.9.0
  • Cloud Foundry cf-deployment 7.3.0
  • Cloud Foundry cf-deployment 7.4.0
  • Cloud Foundry cf-deployment 7.5.0
  • Cloud Foundry cf-deployment 7.6.0
  • Cloud Foundry cf-deployment 7.7.0
  • Cloud Foundry cf-deployment 7.8.0
  • Cloud Foundry cf-deployment 7.9.0
  • Cloud Foundry cf-deployment 9.0.0
  • Cloud Foundry cf-deployment 9.1.0
  • Cloud Foundry cf-deployment 9.2.0
  • Cloud Foundry cf-deployment 9.3.0
  • Cloud Foundry cf-deployment 9.4.0
  • Cloud Foundry cf-deployment 9.5.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, block access at the network perimeter to computers hosting the vulnerable device.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Implement multiple redundant layers of security.
Use of multiple redundant layers of encryption may reduce exposure to this and other latent vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.

Related

prion 1
osv 1
cvelist 1
nvd 1
cloudfoundry 1
cve 1
prion
prion
Authentication flaw
2019-11-26 00:15:00
osv
osv
CVE-2019-11290
2019-11-26 00:15:11
cvelist
cvelist
CVE-2019-11290 Cloud Foundry UAA logs query parameters in tomcat access file
2019-11-21 00:00:00
nvd
nvd
CVE-2019-11290
2019-11-26 00:15:11
cloudfoundry
cloudfoundry
CVE-2019-11290: UAA logs query parameters in tomcat access file | Cloud Foundry
2019-11-21 00:00:00
cve
cve
CVE-2019-11290
2019-11-26 00:15:11

0.002 Low

EPSS

Percentile

54.0%

JSON
Related for SMNTC-110973
prion1osv1cvelist1nvd1cloudfoundry1cve1