Pivotal Ops Manager
Approved changes feed: RSS · Atom
cpe:2.3:a:pivotal:pivotal_ops_manager:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Product | Pivotal Ops Manager (69d40d2f-a933-5cd2-be11-3abbd6261b37) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-3790 |
vulnerable | 2026-06-03 14:40:27.469666 |
Ops Manager uaa client issues tokens after refresh token expiration
MEDIUM (6.1)
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Published: 2019-06-06T19:16:16.854Z
Updated: 2024-09-16T22:20:48.221Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3776 |
vulnerable | 2026-06-03 14:40:27.444709 |
Reflected XSS in Pivotal Operations Manager
HIGH (7.2)
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.
Published: 2019-03-07T19:00:00.000Z
Updated: 2024-09-17T00:11:48.970Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11292 |
vulnerable | 2026-06-03 14:39:32.663370 |
Pivotal Ops Manager logs query parameters in tomcat access file
HIGH (8.8)
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Published: 2020-01-08T23:55:12.316Z
Updated: 2024-09-16T18:54:10.028Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.