Vulnerability Description
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Operations Manager | >= 2.1.0, < 2.1.20 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107344Third Party AdvisoryVDB Entry
- https://pivotal.io/security/cve-2019-3776Vendor Advisory
- http://www.securityfocus.com/bid/107344Third Party AdvisoryVDB Entry
- https://pivotal.io/security/cve-2019-3776Vendor Advisory
FAQ
What is CVE-2019-3776?
CVE-2019-3776 is a vulnerability with a CVSS score of 7.2 (HIGH). Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vul...
How severe is CVE-2019-3776?
CVE-2019-3776 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3776?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Operations Manager.