CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5414 – App Autoscaler logs credentials
https://notcve.org/view.php?id=CVE-2020-5414
31 Jul 2020 — VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Pr... • https://tanzu.vmware.com/security/cve-2020-5414 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11292 – Pivotal Ops Manager logs query parameters in tomcat access file
https://notcve.org/view.php?id=CVE-2019-11292
08 Jan 2020 — Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. Pivotal Ops Manager, versiones 2.4.x anteriores a la versión 2.4.27, 2.5.x anteriores a la versión 2.5.24, 2.6.x anteriores a la versión 2.6.16 y 2.7.x anteriores a la versión 2.7.5, registra todos los parámetros de consulta ... • https://pivotal.io/security/cve-2019-11292 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4380 – HP Security Bulletin HPSBGN03637 1
https://notcve.org/view.php?id=CVE-2016-4380
31 Aug 2016 — Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el AdminUI en HPE Operations Manager 9.21.x en versiones anteriores a 9.21.130 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. A potential vulnerability has been identified in the AdminUI of the HP ... • http://www.securityfocus.com/bid/92698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-4373 – HP Security Bulletin HPSBGN03630 1
https://notcve.org/view.php?id=CVE-2016-4373
26 Jul 2016 — The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El AdminUI en HPE Operations Manager (OM) en versiones anteriores a 9.21.130 en Linux, Unix y Solaris permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). A v... • http://www.securityfocus.com/bid/92122 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 88%CPEs: 4EXPL: 6CVE-2014-5073 – VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-5073
14 Aug 2014 — vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. vmtadmin.cgi en VMTurbo Operations Manager anterior a 4.6 build 28657 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro fileDate en una llamada DOWN. • https://packetstorm.news/files/id/127864 •
CVSS: 7.5EPSS: 13%CPEs: 2EXPL: 3CVE-2014-3806 – VM Turbo Operations Manager 4.5x - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-3806
21 May 2014 — Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. Vulnerabilidad de salto de directorio en cgi-bin/help/doIt.cgi en VMTurbo Operations Manager anterior a 4.6 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en el parámetro xml_path. • https://www.exploit-db.com/exploits/33334 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •