Search

Find a vulnerability

Search criteria

    14 vulnerabilities by VMware Tanzu

    CVE-2020-5426 (GCVE-0-2020-5426)

    Vulnerability from nvd – Published: 2020-11-11 17:05 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Scheduler for TAS can transmit privileged UAA token in plaintext
    Summary
    Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu Pivotal Scheduler Affected: All , < 1.4.0 (custom)
    Create a notification for this product.
    Date Public
    2020-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5426"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Scheduler",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-11T17:05:15.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5426"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Scheduler for TAS can transmit privileged UAA token in plaintext",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-11-03T17:42:28.000Z",
              "ID": "CVE-2020-5426",
              "STATE": "PUBLIC",
              "TITLE": "Scheduler for TAS can transmit privileged UAA token in plaintext"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Scheduler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319: Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5426",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5426"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5426",
        "datePublished": "2020-11-11T17:05:15.456Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:38.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5425 (GCVE-0-2020-5425)

    Vulnerability from nvd – Published: 2020-10-31 21:45 – Updated: 2024-09-17 01:41
    VLAI
    Title
    User Impersonation possible in Tanzu SSO
    Summary
    Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu Single Sign-On for VMware Tanzu Affected: 1.11 , < 1.11.3 (custom)
    Affected: 1.12 , < 1.12.4 (custom)
    Affected: 1.13 , < 1.13.1 (custom)
    Create a notification for this product.
    Date Public
    2020-10-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5425"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Single Sign-On for VMware Tanzu",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.11.3",
                  "status": "affected",
                  "version": "1.11",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.12.4",
                  "status": "affected",
                  "version": "1.12",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.13.1",
                  "status": "affected",
                  "version": "1.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn\u0027t appear with LDAP because of chained authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-31T21:45:14.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5425"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "User Impersonation possible in Tanzu SSO",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-10-29T00:00:00.000Z",
              "ID": "CVE-2020-5425",
              "STATE": "PUBLIC",
              "TITLE": "User Impersonation possible in Tanzu SSO"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Single Sign-On for VMware Tanzu",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.11",
                                "version_value": "1.11.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.12",
                                "version_value": "1.12.4"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.13",
                                "version_value": "1.13.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn\u0027t appear with LDAP because of chained authentication."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5425",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5425"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5425",
        "datePublished": "2020-10-31T21:45:14.942Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:44.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5419 (GCVE-0-2020-5419)

    Vulnerability from nvd – Published: 2020-08-31 15:05 – Updated: 2024-09-16 23:31
    VLAI
    Title
    RabbitMQ arbitrary code execution using local binary planting
    Summary
    RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu RabbitMQ Affected: 3.7 , < 3.7.28 (custom)
    Affected: 3.8 , < 3.8.7 (custom)
    Create a notification for this product.
    Date Public
    2020-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5419"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RabbitMQ",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "3.7.28",
                  "status": "affected",
                  "version": "3.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.8.7",
                  "status": "affected",
                  "version": "3.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-31T15:05:19.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5419"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RabbitMQ arbitrary code execution using local binary planting",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-08-27T00:00:00.000Z",
              "ID": "CVE-2020-5419",
              "STATE": "PUBLIC",
              "TITLE": "RabbitMQ arbitrary code execution using local binary planting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RabbitMQ",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.7",
                                "version_value": "3.7.28"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.8",
                                "version_value": "3.8.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5419",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5419"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5419",
        "datePublished": "2020-08-31T15:05:20.057Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:31:18.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5415 (GCVE-0-2020-5415)

    Vulnerability from nvd – Published: 2020-08-12 16:40 – Updated: 2024-09-16 17:53
    VLAI
    Title
    Concourse's GitLab auth allows impersonation
    Summary
    Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu Concourse Affected: 6.4 , < 6.4.1 (custom)
    Affected: 6.3 , < 6.3.1 (custom)
    Create a notification for this product.
    Date Public
    2020-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Concourse",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "6.4.1",
                  "status": "affected",
                  "version": "6.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.1",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-12T16:40:14.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5415"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Concourse\u0027s GitLab auth allows impersonation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-08-12T02:35:17.000Z",
              "ID": "CVE-2020-5415",
              "STATE": "PUBLIC",
              "TITLE": "Concourse\u0027s GitLab auth allows impersonation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Concourse",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.4",
                                "version_value": "6.4.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.3",
                                "version_value": "6.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-290: Authentication Bypass by Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
                },
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5415",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5415"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5415",
        "datePublished": "2020-08-12T16:40:14.465Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:53:07.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5414 (GCVE-0-2020-5414)

    Vulnerability from nvd – Published: 2020-07-31 19:40 – Updated: 2024-09-17 00:37
    VLAI
    Title
    App Autoscaler logs credentials
    Summary
    VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu PCF Autoscaling Affected: All , < v232 (custom)
    Create a notification for this product.
    VMware Tanzu Operations Manager Affected: 2.7 , < 2.7.15 (custom)
    Affected: 2.8 , < 2.8.6 (custom)
    Affected: 2.9 , < 2.9.1 (custom)
    Create a notification for this product.
    VMware Tanzu VMware Tanzu Application Service for VMs Affected: 2.9.x , < 2.9.7 (custom)
    Affected: 2.7.x , < 2.7.19 (custom)
    Affected: 2.8.x , < 2.8.13 (custom)
    Create a notification for this product.
    Date Public
    2020-07-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5414"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PCF Autoscaling",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "v232",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Operations Manager",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "2.7.15",
                  "status": "affected",
                  "version": "2.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.8.6",
                  "status": "affected",
                  "version": "2.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.9.1",
                  "status": "affected",
                  "version": "2.9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VMware Tanzu Application Service for VMs",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "2.9.7",
                  "status": "affected",
                  "version": "2.9.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.19",
                  "status": "affected",
                  "version": "2.7.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.8.13",
                  "status": "affected",
                  "version": "2.8.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T19:40:20.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5414"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "App Autoscaler logs credentials",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-07-30T23:34:26.000Z",
              "ID": "CVE-2020-5414",
              "STATE": "PUBLIC",
              "TITLE": "App Autoscaler logs credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PCF Autoscaling",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "v232"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Operations Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.7",
                                "version_value": "2.7.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.8",
                                "version_value": "2.8.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.9",
                                "version_value": "2.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VMware Tanzu Application Service for VMs",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.9.x",
                                "version_value": "2.9.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.7.x",
                                "version_value": "2.7.19"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.8.x",
                                "version_value": "2.8.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5414",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5414"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5414",
        "datePublished": "2020-07-31T19:40:20.430Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:37:24.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5396 (GCVE-0-2020-5396)

    Vulnerability from nvd – Published: 2020-07-31 19:40 – Updated: 2024-09-16 16:23
    VLAI
    Title
    JMX Insecure Default Configuration in GemFire
    Summary
    VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu VMware Tanzu GemFire for VMs Affected: 1.10 , < 1.10.2 (custom)
    Affected: 1.11 , < 1.11.1 (custom)
    Create a notification for this product.
    VMware Tanzu VMware GemFire Affected: 9.7 , < 9.7.6 (custom)
    Affected: 9.8 , < 9.8.7 (custom)
    Affected: 9.9 , < 9.9.2 (custom)
    Affected: 9.10 , < 9.10.0 (custom)
    Create a notification for this product.
    Date Public
    2020-07-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5396"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Tanzu GemFire for VMs",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.10.2",
                  "status": "affected",
                  "version": "1.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.11.1",
                  "status": "affected",
                  "version": "1.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VMware GemFire",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "9.7.6",
                  "status": "affected",
                  "version": "9.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.8.7",
                  "status": "affected",
                  "version": "9.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.9.2",
                  "status": "affected",
                  "version": "9.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.10.0",
                  "status": "affected",
                  "version": "9.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T19:40:19.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5396"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "JMX Insecure Default Configuration in GemFire",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-07-30T23:27:40.000Z",
              "ID": "CVE-2020-5396",
              "STATE": "PUBLIC",
              "TITLE": "JMX Insecure Default Configuration in GemFire"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Tanzu GemFire for VMs",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.10",
                                "version_value": "1.10.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.11",
                                "version_value": "1.11.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VMware GemFire",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.7",
                                "version_value": "9.7.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.8",
                                "version_value": "9.8.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.9",
                                "version_value": "9.9.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.10",
                                "version_value": "9.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution."
                }
              ]
            },
            "impact": null,
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control - Generic"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5396",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5396"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5396",
        "datePublished": "2020-07-31T19:40:19.558Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:23:21.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11286 (GCVE-0-2019-11286)

    Vulnerability from nvd – Published: 2020-07-31 19:40 – Updated: 2024-09-16 23:46
    VLAI
    Title
    JMX Credential Deserialization in GemFire
    Summary
    VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu VMware GemFire Affected: 9.7 , < 9.7.5 (custom)
    Affected: 9.8 , < 9.8.5 (custom)
    Affected: 9.9 , < 9.9.1 (custom)
    Affected: 9.10 , < 9.10.0 (custom)
    Create a notification for this product.
    VMware Tanzu VMware Tanzu GemFire for VMs Affected: 1.9 , < 1.9.2 (custom)
    Affected: 1.10 , < 1.10.1 (custom)
    Affected: 1.8 , < 1.8.2 (custom)
    Affected: 1.11 , < 1.11.0 (custom)
    Create a notification for this product.
    Date Public
    2020-07-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2019-11286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware GemFire",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "9.7.5",
                  "status": "affected",
                  "version": "9.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.8.5",
                  "status": "affected",
                  "version": "9.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.9.1",
                  "status": "affected",
                  "version": "9.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.10.0",
                  "status": "affected",
                  "version": "9.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VMware Tanzu GemFire for VMs",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.9.2",
                  "status": "affected",
                  "version": "1.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.10.1",
                  "status": "affected",
                  "version": "1.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.2",
                  "status": "affected",
                  "version": "1.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "1.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T19:40:19.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2019-11286"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "JMX Credential Deserialization in GemFire",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-07-30T23:27:23.000Z",
              "ID": "CVE-2019-11286",
              "STATE": "PUBLIC",
              "TITLE": "JMX Credential Deserialization in GemFire"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware GemFire",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.7",
                                "version_value": "9.7.5"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.8",
                                "version_value": "9.8.5"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.9",
                                "version_value": "9.9.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.10",
                                "version_value": "9.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VMware Tanzu GemFire for VMs",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.9",
                                "version_value": "1.9.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.10",
                                "version_value": "1.10.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.8",
                                "version_value": "1.8.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.11",
                                "version_value": "1.11.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2019-11286",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2019-11286"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2019-11286",
        "datePublished": "2020-07-31T19:40:19.094Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:46:18.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5426 (GCVE-0-2020-5426)

    Vulnerability from cvelistv5 – Published: 2020-11-11 17:05 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Scheduler for TAS can transmit privileged UAA token in plaintext
    Summary
    Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu Pivotal Scheduler Affected: All , < 1.4.0 (custom)
    Create a notification for this product.
    Date Public
    2020-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5426"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Scheduler",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-11T17:05:15.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5426"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Scheduler for TAS can transmit privileged UAA token in plaintext",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-11-03T17:42:28.000Z",
              "ID": "CVE-2020-5426",
              "STATE": "PUBLIC",
              "TITLE": "Scheduler for TAS can transmit privileged UAA token in plaintext"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Scheduler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319: Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5426",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5426"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5426",
        "datePublished": "2020-11-11T17:05:15.456Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:38.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5425 (GCVE-0-2020-5425)

    Vulnerability from cvelistv5 – Published: 2020-10-31 21:45 – Updated: 2024-09-17 01:41
    VLAI
    Title
    User Impersonation possible in Tanzu SSO
    Summary
    Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu Single Sign-On for VMware Tanzu Affected: 1.11 , < 1.11.3 (custom)
    Affected: 1.12 , < 1.12.4 (custom)
    Affected: 1.13 , < 1.13.1 (custom)
    Create a notification for this product.
    Date Public
    2020-10-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5425"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Single Sign-On for VMware Tanzu",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.11.3",
                  "status": "affected",
                  "version": "1.11",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.12.4",
                  "status": "affected",
                  "version": "1.12",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.13.1",
                  "status": "affected",
                  "version": "1.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn\u0027t appear with LDAP because of chained authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-31T21:45:14.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5425"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "User Impersonation possible in Tanzu SSO",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-10-29T00:00:00.000Z",
              "ID": "CVE-2020-5425",
              "STATE": "PUBLIC",
              "TITLE": "User Impersonation possible in Tanzu SSO"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Single Sign-On for VMware Tanzu",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.11",
                                "version_value": "1.11.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.12",
                                "version_value": "1.12.4"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.13",
                                "version_value": "1.13.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn\u0027t appear with LDAP because of chained authentication."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5425",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5425"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5425",
        "datePublished": "2020-10-31T21:45:14.942Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:44.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5419 (GCVE-0-2020-5419)

    Vulnerability from cvelistv5 – Published: 2020-08-31 15:05 – Updated: 2024-09-16 23:31
    VLAI
    Title
    RabbitMQ arbitrary code execution using local binary planting
    Summary
    RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu RabbitMQ Affected: 3.7 , < 3.7.28 (custom)
    Affected: 3.8 , < 3.8.7 (custom)
    Create a notification for this product.
    Date Public
    2020-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5419"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RabbitMQ",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "3.7.28",
                  "status": "affected",
                  "version": "3.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.8.7",
                  "status": "affected",
                  "version": "3.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-31T15:05:19.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5419"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RabbitMQ arbitrary code execution using local binary planting",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-08-27T00:00:00.000Z",
              "ID": "CVE-2020-5419",
              "STATE": "PUBLIC",
              "TITLE": "RabbitMQ arbitrary code execution using local binary planting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RabbitMQ",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.7",
                                "version_value": "3.7.28"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.8",
                                "version_value": "3.8.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5419",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5419"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5419",
        "datePublished": "2020-08-31T15:05:20.057Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:31:18.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5415 (GCVE-0-2020-5415)

    Vulnerability from cvelistv5 – Published: 2020-08-12 16:40 – Updated: 2024-09-16 17:53
    VLAI
    Title
    Concourse's GitLab auth allows impersonation
    Summary
    Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu Concourse Affected: 6.4 , < 6.4.1 (custom)
    Affected: 6.3 , < 6.3.1 (custom)
    Create a notification for this product.
    Date Public
    2020-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Concourse",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "6.4.1",
                  "status": "affected",
                  "version": "6.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.1",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-12T16:40:14.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5415"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Concourse\u0027s GitLab auth allows impersonation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-08-12T02:35:17.000Z",
              "ID": "CVE-2020-5415",
              "STATE": "PUBLIC",
              "TITLE": "Concourse\u0027s GitLab auth allows impersonation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Concourse",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.4",
                                "version_value": "6.4.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.3",
                                "version_value": "6.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-290: Authentication Bypass by Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
                },
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5415",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5415"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5415",
        "datePublished": "2020-08-12T16:40:14.465Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:53:07.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5414 (GCVE-0-2020-5414)

    Vulnerability from cvelistv5 – Published: 2020-07-31 19:40 – Updated: 2024-09-17 00:37
    VLAI
    Title
    App Autoscaler logs credentials
    Summary
    VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu PCF Autoscaling Affected: All , < v232 (custom)
    Create a notification for this product.
    VMware Tanzu Operations Manager Affected: 2.7 , < 2.7.15 (custom)
    Affected: 2.8 , < 2.8.6 (custom)
    Affected: 2.9 , < 2.9.1 (custom)
    Create a notification for this product.
    VMware Tanzu VMware Tanzu Application Service for VMs Affected: 2.9.x , < 2.9.7 (custom)
    Affected: 2.7.x , < 2.7.19 (custom)
    Affected: 2.8.x , < 2.8.13 (custom)
    Create a notification for this product.
    Date Public
    2020-07-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5414"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PCF Autoscaling",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "v232",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Operations Manager",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "2.7.15",
                  "status": "affected",
                  "version": "2.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.8.6",
                  "status": "affected",
                  "version": "2.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.9.1",
                  "status": "affected",
                  "version": "2.9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VMware Tanzu Application Service for VMs",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "2.9.7",
                  "status": "affected",
                  "version": "2.9.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.7.19",
                  "status": "affected",
                  "version": "2.7.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.8.13",
                  "status": "affected",
                  "version": "2.8.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T19:40:20.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5414"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "App Autoscaler logs credentials",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-07-30T23:34:26.000Z",
              "ID": "CVE-2020-5414",
              "STATE": "PUBLIC",
              "TITLE": "App Autoscaler logs credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PCF Autoscaling",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "v232"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Operations Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.7",
                                "version_value": "2.7.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.8",
                                "version_value": "2.8.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.9",
                                "version_value": "2.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VMware Tanzu Application Service for VMs",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.9.x",
                                "version_value": "2.9.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.7.x",
                                "version_value": "2.7.19"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.8.x",
                                "version_value": "2.8.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5414",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5414"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5414",
        "datePublished": "2020-07-31T19:40:20.430Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:37:24.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5396 (GCVE-0-2020-5396)

    Vulnerability from cvelistv5 – Published: 2020-07-31 19:40 – Updated: 2024-09-16 16:23
    VLAI
    Title
    JMX Insecure Default Configuration in GemFire
    Summary
    VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu VMware Tanzu GemFire for VMs Affected: 1.10 , < 1.10.2 (custom)
    Affected: 1.11 , < 1.11.1 (custom)
    Create a notification for this product.
    VMware Tanzu VMware GemFire Affected: 9.7 , < 9.7.6 (custom)
    Affected: 9.8 , < 9.8.7 (custom)
    Affected: 9.9 , < 9.9.2 (custom)
    Affected: 9.10 , < 9.10.0 (custom)
    Create a notification for this product.
    Date Public
    2020-07-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2020-5396"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Tanzu GemFire for VMs",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.10.2",
                  "status": "affected",
                  "version": "1.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.11.1",
                  "status": "affected",
                  "version": "1.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VMware GemFire",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "9.7.6",
                  "status": "affected",
                  "version": "9.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.8.7",
                  "status": "affected",
                  "version": "9.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.9.2",
                  "status": "affected",
                  "version": "9.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.10.0",
                  "status": "affected",
                  "version": "9.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T19:40:19.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2020-5396"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "JMX Insecure Default Configuration in GemFire",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-07-30T23:27:40.000Z",
              "ID": "CVE-2020-5396",
              "STATE": "PUBLIC",
              "TITLE": "JMX Insecure Default Configuration in GemFire"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Tanzu GemFire for VMs",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.10",
                                "version_value": "1.10.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.11",
                                "version_value": "1.11.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VMware GemFire",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.7",
                                "version_value": "9.7.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.8",
                                "version_value": "9.8.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.9",
                                "version_value": "9.9.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.10",
                                "version_value": "9.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution."
                }
              ]
            },
            "impact": null,
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control - Generic"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2020-5396",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2020-5396"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2020-5396",
        "datePublished": "2020-07-31T19:40:19.558Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:23:21.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11286 (GCVE-0-2019-11286)

    Vulnerability from cvelistv5 – Published: 2020-07-31 19:40 – Updated: 2024-09-16 23:46
    VLAI
    Title
    JMX Credential Deserialization in GemFire
    Summary
    VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware Tanzu VMware GemFire Affected: 9.7 , < 9.7.5 (custom)
    Affected: 9.8 , < 9.8.5 (custom)
    Affected: 9.9 , < 9.9.1 (custom)
    Affected: 9.10 , < 9.10.0 (custom)
    Create a notification for this product.
    VMware Tanzu VMware Tanzu GemFire for VMs Affected: 1.9 , < 1.9.2 (custom)
    Affected: 1.10 , < 1.10.1 (custom)
    Affected: 1.8 , < 1.8.2 (custom)
    Affected: 1.11 , < 1.11.0 (custom)
    Create a notification for this product.
    Date Public
    2020-07-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2019-11286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware GemFire",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "9.7.5",
                  "status": "affected",
                  "version": "9.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.8.5",
                  "status": "affected",
                  "version": "9.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.9.1",
                  "status": "affected",
                  "version": "9.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.10.0",
                  "status": "affected",
                  "version": "9.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VMware Tanzu GemFire for VMs",
              "vendor": "VMware Tanzu",
              "versions": [
                {
                  "lessThan": "1.9.2",
                  "status": "affected",
                  "version": "1.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.10.1",
                  "status": "affected",
                  "version": "1.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.2",
                  "status": "affected",
                  "version": "1.8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "1.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T19:40:19.000Z",
            "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
            "shortName": "pivotal"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2019-11286"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "JMX Credential Deserialization in GemFire",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@pivotal.io",
              "DATE_PUBLIC": "2020-07-30T23:27:23.000Z",
              "ID": "CVE-2019-11286",
              "STATE": "PUBLIC",
              "TITLE": "JMX Credential Deserialization in GemFire"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware GemFire",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.7",
                                "version_value": "9.7.5"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.8",
                                "version_value": "9.8.5"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.9",
                                "version_value": "9.9.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.10",
                                "version_value": "9.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VMware Tanzu GemFire for VMs",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.9",
                                "version_value": "1.9.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.10",
                                "version_value": "1.10.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.8",
                                "version_value": "1.8.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.11",
                                "version_value": "1.11.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware Tanzu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2019-11286",
                  "refsource": "CONFIRM",
                  "url": "https://tanzu.vmware.com/security/cve-2019-11286"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "assignerShortName": "pivotal",
        "cveId": "CVE-2019-11286",
        "datePublished": "2020-07-31T19:40:19.094Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:46:18.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }