PT-2020-18462 · VMware · VMware Tanzu Application Service for VMs
Published: 2020-04-10 · Updated: 2020-04-13
CVE-2020-5406
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
VMware Tanzu Application Service for VMs versions 2.6.x prior to 2.6.18
VMware Tanzu Application Service for VMs versions 2.7.x prior to 2.7.11
VMware Tanzu Application Service for VMs versions 2.8.x prior to 2.8.5
Description
Autoscaling writes its database connection properties, including the database username and password, to its log. A malicious user with access to the logs can use them to gain unauthorized access to the database used by Autoscaling.
Recommendations
For versions 2.6.x prior to 2.6.18, update to version 2.6.18 or later.
For versions 2.7.x prior to 2.7.11, update to version 2.7.11 or later.
For versions 2.8.x prior to 2.8.5, update to version 2.8.5 or later.
Fix
Insufficiently Protected Credentials
Affected Products
VMware Tanzu Application Service for VMs