← volver
CVE-2019-3790

Ops Manager uaa client issues tokens after refresh token expiration

CVSS 6.1 MEDIUMEPSS 0.7%CWE-324
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Productos afectados
Pivotal · Pivotal Ops Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://pivotal.io/security/cve-2019-3790http://www.securityfocus.com/bid/108512