Vulnerability in Pivotal Ops Manager
CVE-2019-3790
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authentic…
EPSS: 0.001 (19.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Pivotal Ops Manager — versions 2.3, 2.4, 2.2
Weakness classification (CWE)
References
- 108512 (vdb-entry, x_refsource_BID)
- pivotal.io/security/cve-2019-3790 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2019-3790?
- CVE-2019-3790 is a medium-severity vulnerability in Pivotal Ops Manager, classified under Use of a Key Past its Expiration Date. CVSS score: 6.1/10. Published 2019-06-06.
- How severe is CVE-2019-3790?
- Medium severity. CVSS v3 base score is 6.1 out of 10.