VYPR

Tanzu Application Service for VMs

by VMware

CVEs (3)

  • CVE-2023-20891MedJul 26, 2023
    risk 0.42cvss 6.5epss 0.01

    The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can…

  • CVE-2020-5406MedApr 10, 2020
    risk 0.42cvss 6.5epss 0.01

    VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A…

  • CVE-2020-5414MedJul 31, 2020
    risk 0.37cvss 5.7epss 0.01

    VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the…