CVE-2019-3790
Ops Manager uaa client issues tokens after refresh token expiration
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Produtos afetados
Pivotal · Pivotal Ops ManagerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →