CVE-2019-11292Log File Information Exposure in OPS Manager

CWE-532Log File Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pivotal OPS ManagerPivotal Software Operations Manager
Timeline
PublishedJan 9
Latest updateMay 24

Description

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5pivotal/pivotal_ops_manager2.72.7.5+3
NVDpivotal_software/operations_manager2.4.02.4.27+3

🔴Vulnerability Details

2
GHSA
GHSA-qxj4-46g2-7rv9: Pivotal Ops Manager, versions 22022-05-24
CVEList
Pivotal Ops Manager logs query parameters in tomcat access file2020-01-08
CVE-2019-11292 — Log File Information Exposure | cvebase