Vulnerabilities > Pivotal Software > Operations Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2019-11292 Information Exposure Through Log Files vulnerability in Pivotal Software Operations Manager
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file.
network
low complexity
pivotal-software CWE-532
6.5
2019-08-05 CVE-2019-11270 7PK - Security Features vulnerability in Pivotal Software products
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
network
low complexity
pivotal-software CWE-254
5.0
2019-06-06 CVE-2019-3790 Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.
network
low complexity
pivotal-software CWE-613
5.5
2018-11-02 CVE-2018-15762 Improper Privilege Management vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation.
network
low complexity
pivotal-software CWE-269
6.5
2018-10-05 CVE-2018-11081 Unspecified vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk.
network
low complexity
pivotal-software
4.0
2018-07-11 CVE-2018-11045 Use of Insufficiently Random Values vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image.
4.3
2018-06-25 CVE-2018-11046 Improper Input Validation vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches.
network
low complexity
pivotal-software CWE-20
4.0
2016-09-18 CVE-2016-0883 Improper Authentication vulnerability in Pivotal Software Operations Manager
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
network
low complexity
pivotal-software CWE-287
5.0