CVE-2019-3790 Vulnerability Details

  /     /     /  

CVE-2019-3790 Metadata Quick Info

CVE Published: 06/06/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: dell | Vendor: Pivotal | Product: Pivotal Ops Manager
Status : PUBLISHED

---

CVE-2019-3790 Description

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-324
CWE Name: CWE-324: Use of a Key Past its Expiration Date
Source: Pivotal

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).