CVE-2016-0898

CRITICAL

MySQL for PCF tiles <1.7.10 - Info Disclosure

Title source: llm
STIX 2.1

Description

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95146
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2016-0898

Scores

CVSS v3 10.0
EPSS 0.0142
EPSS Percentile 69.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-255 CWE-532
Status published
Products (14)
vmware/pivotal_software_mysql 1.7.0
vmware/pivotal_software_mysql 1.7.0.1
vmware/pivotal_software_mysql 1.7.0.2
vmware/pivotal_software_mysql 1.7.0.3
vmware/pivotal_software_mysql 1.7.0.4
vmware/pivotal_software_mysql 1.7.1
vmware/pivotal_software_mysql 1.7.2
vmware/pivotal_software_mysql 1.7.3
vmware/pivotal_software_mysql 1.7.4
vmware/pivotal_software_mysql 1.7.5
... and 4 more
Published Mar 29, 2018
Tracked Since Feb 18, 2026