MEDIUM🇵🇱 Wersja polska

CVE-2019-3790

CVSS 6.1v3.0pub. 2019-06-06upd. 2024-11-21

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
  • Pivotal Software Operations Manager

    APP
    Pivotal Software
    2.2.0 – 2.2.23 (bez)2.3.0 – 2.3.16 (bez)2.4.0 – 2.4.11 (bez)2.5.0 – 2.5.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-15762CRITICAL9.0ten sam produkt

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x pri...

CVE-2016-0897CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, ...

CVE-2016-0883CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption k...

CVE-2019-11270HIGH7.5ten sam produkt

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...

CVE-2019-3776HIGH7.2ten sam produkt

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions pri...