Medium severity6.5NVD Advisory· Published Jan 9, 2020· Updated Jun 17, 2026
CVE-2019-11292
CVE-2019-11292
Description
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Affected products
2- Range: prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5
- Range: 2.7
Patches
Vulnerability mechanics
References
1- pivotal.io/security/cve-2019-11292nvdVendor Advisory
News mentions
0No linked articles in our index yet.