CVE-2016-0898

CRITICAL

MySQL for PCF tiles <1.7.10 - Info Disclosure

Title source: llm
STIX 2.1

Description

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95146
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2016-0898

Scores

CVSS v3 10.0
EPSS 0.0029
EPSS Percentile 52.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-532 CWE-255
Status published
Products (14)
vmware/pivotal_software_mysql 1.7.0
vmware/pivotal_software_mysql 1.7.0.1
vmware/pivotal_software_mysql 1.7.0.2
vmware/pivotal_software_mysql 1.7.0.3
vmware/pivotal_software_mysql 1.7.0.4
vmware/pivotal_software_mysql 1.7.1
vmware/pivotal_software_mysql 1.7.2
vmware/pivotal_software_mysql 1.7.3
vmware/pivotal_software_mysql 1.7.4
vmware/pivotal_software_mysql 1.7.5
... and 4 more
Published Mar 29, 2018
Tracked Since Feb 18, 2026