PT-2019-16723 · Pivotal · Pivotal Apps Manager

Published: 2019-04-24 · Updated: 2020-10-16 · CVE-2019-3793

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pivotal Apps Manager Release versions 665.0.x prior to 665.0.28
Pivotal Apps Manager Release versions 666.0.x prior to 666.0.21
Pivotal Apps Manager Release versions 667.0.x prior to 667.0.7

Description

The issue concerns an invitation service in Pivotal Apps Manager Release that accepts HTTP, allowing a remote unauthenticated user to potentially listen to network traffic and gain access to authorization credentials used for invitation requests.

Recommendations

For versions 665.0.x prior to 665.0.28, update to version 665.0.28 or later.
For versions 666.0.x prior to 666.0.21, update to version 666.0.21 or later.
For versions 667.0.x prior to 667.0.7, update to version 667.0.7 or later.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related identifiers

CVE-2019-3793

Affected products

Pivotal Apps Manager