PT-2019-16723 · Pivotal · Pivotal Apps Manager

Published: 2019-04-24 · Updated: 2020-10-16 · CVE-2019-3793

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pivotal Apps Manager Release versions 665.0.x prior to 665.0.28
Pivotal Apps Manager Release versions 666.0.x prior to 666.0.21
Pivotal Apps Manager Release versions 667.0.x prior to 667.0.7

Description

The issue concerns an invitation service in Pivotal Apps Manager Release that accepts HTTP, allowing a remote unauthenticated user to potentially listen to network traffic and gain access to authorization credentials used for invitation requests.

Recommendations

For versions 665.0.x prior to 665.0.28, update to version 665.0.28 or later.
For versions 666.0.x prior to 666.0.21, update to version 666.0.21 or later.
For versions 667.0.x prior to 667.0.7, update to version 667.0.7 or later.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-3793

Affected Products

Pivotal Apps Manager