CVE-2020-5406
PCF Autoscaling logs its database credentials
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 abr 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
Productos afectados
Pivotal · VMware Tanzu Application Service for VMs¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →