CVE-2019-11292

MEDIUM

Pivotal Software Operations Manager - Log Information Exposure

Title source: rule

Description

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

References (1)

[Vendor Advisory] https://pivotal.io/security/cve-2019-11292

Scores

CVSS v3 6.5

EPSS 0.0047

EPSS Percentile 64.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-532

Status published

Affected Products (1)

pivotal_software/operations_manager < 2.4.27

Timeline

Published Jan 09, 2020

Tracked Since Feb 18, 2026