Unrated severityNVD Advisory· Published Apr 10, 2020· Updated Sep 17, 2024
PCF Autoscaling logs its database credentials
CVE-2020-5406
Description
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: 2.6.x < 2.6.18, 2.7.x < 2.7.11, 2.8.x < 2.8.5
- Pivotal/VMware Tanzu Application Service for VMsv5Range: 2.8.x
Patches
Vulnerability mechanics
References
1- tanzu.vmware.com/security/cve-2020-5406mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.