← back
CVE-2019-11292

Pivotal Ops Manager logs query parameters in tomcat access file

CVSS 8.8 HIGHEPSS 1.1%CWE-532
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Pivotal · Pivotal Ops Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pivotal.io/security/cve-2019-11292