CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

Published: Jan 9, 2020
Updated: Nov 8, 2023
CVE: CVE-2019-11292
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
pivotal_software / operations_manager	2.7.0	2.7.5
pivotal_software / operations_manager	2.6.0	2.6.16
pivotal_software / operations_manager	2.4.0	2.4.27
pivotal_software / operations_manager	2.5.0	2.5.24

https://pivotal.io/security/cve-2019-11292

Vulnerability Database

289,689

CVE-2019-11292