CVE-2019-11292
Description
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
- CVSS Version 3.1
- CVSS Version 3.0
- CVSS Version 2.0
nvd
CVE ID: CVE-2019-11292
Base Score: 6.5
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
pivotal
CVE ID: CVE-2019-11292
Base Score: 8.8
Base Severity: HIGH
Vector String:CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd
CVE ID: CVE-2019-11292
Base Score: 4.0
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:S/C:P/I:N/A:N