CVE-2020-5406 — MEDIUM (6.5)

Q: How severe is CVE-2020-5406?

CVE-2020-5406 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5406?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Tanzu Application Service For Vms.

Vulnerability Description

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Vmware	Tanzu Application Service For Vms	>= 2.6.0, < 2.6.18

Related Weaknesses (CWE)

CWE-522

References

https://tanzu.vmware.com/security/cve-2020-5406Vendor Advisory
https://tanzu.vmware.com/security/cve-2020-5406Vendor Advisory

FAQ

What is CVE-2020-5406?

CVE-2020-5406 is a vulnerability with a CVSS score of 6.5 (MEDIUM). VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database ...

How severe is CVE-2020-5406?

CVE-2020-5406 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5406?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Tanzu Application Service For Vms.