
    2 vulnerabilities found for tanzu_application_service_for_vms by vmware (both entries are the same record, CVE-2020-5406, listed once per source: nvd and cvelistv5)

    CVE-2020-5406 (GCVE-0-2020-5406)

    Vulnerability from nvd – Published: 2020-04-10 18:50 – Updated: 2024-09-17 03:17
    Title
    PCF Autoscaling logs its database credentials
    Summary
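    VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
    Note: upgrading to a fixed version presumably only stops further logging of the credentials. Credentials already written to existing logs, and to any copies forwarded to external log stores, remain readable there, so rotate the Autoscaling database credentials after upgrading and review who can read those logs.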
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    pivotal
    References
    https://tanzu.vmware.com/security/cve-2020-5406
    Impacted products
    Vendor: Pivotal
    Product: VMware Tanzu Application Service for VMs
    Versions:
    • Affected: 2.8.x, < 2.8.5 (custom)
    • Affected: 2.7.x, < 2.7.11 (custom)
    • Affected: 2.6.x, < 2.6.18 (custom)
    Date Public
    2020-04-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5406"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Tanzu Application Service for VMs",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.8.5",
                  "status": "affected",
                  "version": "2.8.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.11",
                  "status": "affected",
                  "version": "2.7.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.6.18",
                  "status": "affected",
                  "version": "2.6.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-10T18:50:12.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5406"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PCF Autoscaling logs its database credentials",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-04-09T19:33:58.000Z",
              "ID": "CVE-2020-5406",
              "STATE": "PUBLIC",
              "TITLE": "PCF Autoscaling logs its database credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Tanzu Application Service for VMs",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.8.x",
                                "version_value": "2.8.5"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.7.x",
                                "version_value": "2.7.11"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.6.x",
                                "version_value": "2.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling."
                }
              ]
            },
            "impact": null,
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5406",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5406"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5406",
        "datePublished": "2020-04-10T18:50:12.090Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:17:26.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5406 (GCVE-0-2020-5406)

    Vulnerability from cvelistv5 – Published: 2020-04-10 18:50 – Updated: 2024-09-17 03:17
    Title
    PCF Autoscaling logs its database credentials
    Summary
    VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    pivotal
    References
    https://tanzu.vmware.com/security/cve-2020-5406
    Impacted products
    Vendor: Pivotal
    Product: VMware Tanzu Application Service for VMs
    Versions:
    • Affected: 2.8.x, < 2.8.5 (custom)
    • Affected: 2.7.x, < 2.7.11 (custom)
    • Affected: 2.6.x, < 2.6.18 (custom)
    Date Public
    2020-04-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5406"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Tanzu Application Service for VMs",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.8.5",
                  "status": "affected",
                  "version": "2.8.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.11",
                  "status": "affected",
                  "version": "2.7.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.6.18",
                  "status": "affected",
                  "version": "2.6.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-10T18:50:12.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5406"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PCF Autoscaling logs its database credentials",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-04-09T19:33:58.000Z",
              "ID": "CVE-2020-5406",
              "STATE": "PUBLIC",
              "TITLE": "PCF Autoscaling logs its database credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Tanzu Application Service for VMs",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.8.x",
                                "version_value": "2.8.5"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.7.x",
                                "version_value": "2.7.11"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.6.x",
                                "version_value": "2.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling."
                }
              ]
            },
            "impact": null,
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5406",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5406"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5406",
        "datePublished": "2020-04-10T18:50:12.090Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:17:26.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }