Vulnerabilities > Pivotal Software > Operations Manager > 2.4.3

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2019-11292 Information Exposure Through Log Files vulnerability in Pivotal Software Operations Manager
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file.
network
low complexity
pivotal-software CWE-532
6.5
6.5
2019-08-05 CVE-2019-11270 Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Cloud Foundry UAA
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
network
low complexity
pivotal-software CWE-732
7.5
7.5
2019-06-06 CVE-2019-3790 Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.
network
low complexity
pivotal-software CWE-613
5.4
5.4