Pivotal_software Operations_manager

10 CVEs affecting Pivotal_software Operations_manager. Latest disclosed: 2020-01-09. Critical: 3, High: 3.

Top CVEs affecting Pivotal_software Operations_manager
CVE | Severity | Score | Published | Summary
CVE-2016-0897 | Critical | 9.8 | 2016-09-18 | Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators…
CVE-2016-0883 | Critical | 9.8 | 2016-09-18 | Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, whi…
CVE-2018-15762 | Critical | 9.0 | 2018-11-02 | Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, g…
CVE-2018-11081 | High | 7.9 | 2018-10-05 | Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations M…
CVE-2019-11270 | High | 7.5 | 2019-08-05 | Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the r…
CVE-2019-3776 | High | 7.2 | 2019-03-07 | Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, cont…
CVE-2019-11292 | Medium | 6.5 | 2020-01-09 | Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomca…
CVE-2018-11046 | Medium | 6.5 | 2018-06-25 | Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker wi…
CVE-2019-3790 | Medium | 6.1 | 2019-06-06 | The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, con…
CVE-2018-11045 | Medium | 5.9 | 2018-07-11 | Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRN…