Unrated severity · NVD Advisory · Published Jun 6, 2019 · Updated Sep 16, 2024
Ops Manager uaa client issues tokens after refresh token expiration
CVE-2019-3790
Description
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Affected products
- Range: 2.3
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/108512 (mitre; vdb-entry, x_refsource_BID)
- pivotal.io/security/cve-2019-3790 (mitre; x_refsource_CONFIRM)