CVE-2019-11292
MEDIUMPivotal Software Operations Manager - Log Information Exposure
Title source: ruleDescription
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2019-11292
Scores
CVSS v3
6.5
EPSS
0.0045
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
pivotal_software/operations_manager
2.4.0 - 2.4.27
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026