Back to search
CVE-2020-5406
Published: Apr 10, 2020
Modified: Sep 17, 2024
PUBLISHED
Description
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
| Vendor | Product | Versions |
|---|---|---|
Pivotal | VMware Tanzu Application Service for VMs | affected 2.8.x - < 2.8.5affected 2.7.x - < 2.7.11affected 2.6.x - < 2.6.18 |
Weaknesses (CWE)
References
https://tanzu.vmware.com/security/cve-2020-5406
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now