CVE-2019-11292 Vulnerability Details

  /     /     /  

CVE-2019-11292 Metadata Quick Info

CVE Published: 08/01/2020 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: pivotal | Vendor: Pivotal | Product: Pivotal Ops Manager
Status : PUBLISHED

---

CVE-2019-11292 Description

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532: Inclusion of Sensitive Information in Log Files
Source: Pivotal

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).