Medium severity6.1NVD Advisory· Published Jun 6, 2019· Updated Jun 17, 2026
CVE-2019-3790
CVE-2019-3790
Description
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Affected products
2- Range: < 2.2.23, < 2.3.16, < 2.4.11, < 2.5.3
- Range: 2.3
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/108512nvdThird Party AdvisoryVDB Entry
- pivotal.io/security/cve-2019-3790nvdVendor Advisory
News mentions
0No linked articles in our index yet.