MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HVMware Pivotal Software MySQL
APPVmware1.7.01.7.0.11.7.0.21.7.0.31.7.0.41.7.11.7.21.7.31.7.41.7.51.7.61.7.71.7.81.7.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam vendor
VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process
CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam vendor
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
CVE-2023-34048CRITICAL9.8⚠ KEVten sam vendor
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A m...
CVE-2023-20887CRITICAL9.8⚠ KEVten sam vendor
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access...