CVE-2020-5406

Published: 10 Apr 2020
Source: nvd
CVSS3: 6.5
CVSS2: 4
EPSS: Low

Description

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:vmware:tanzu_application_service_for_vms:*:*:*:*:*:*:*:*
Version from 2.6.0 (inclusive) to 2.6.18 (exclusive)
cpe:2.3:a:vmware:tanzu_application_service_for_vms:*:*:*:*:*:*:*:*
Version from 2.7.0 (inclusive) to 2.7.11 (exclusive)
cpe:2.3:a:vmware:tanzu_application_service_for_vms:*:*:*:*:*:*:*:*
Version from 2.8.0 (inclusive) to 2.8.5 (exclusive)

EPSS

Percentile: 45%
0.00228
Low

6.5 Medium

CVSS3

4 Medium

CVSS2

Weaknesses

CWE-522

Related vulnerabilities

github
more than 3 years ago

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

EPSS

Percentile: 45%
0.00228
Low

6.5 Medium

CVSS3

4 Medium

CVSS2

Weaknesses

CWE-522