Vulnerability Description
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Operations Manager | >= 2.2.0, < 2.2.23 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108512Third Party AdvisoryVDB Entry
- https://pivotal.io/security/cve-2019-3790Vendor Advisory
- http://www.securityfocus.com/bid/108512Third Party AdvisoryVDB Entry
- https://pivotal.io/security/cve-2019-3790Vendor Advisory
FAQ
What is CVE-2019-3790?
CVE-2019-3790 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refre...
How severe is CVE-2019-3790?
CVE-2019-3790 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3790?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Operations Manager.