|
219901
|
5.5 |
MEDIUM
Local
|
rsa
|
archer_grc_platform
|
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-3715
|
2024-11-21 13:42 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219902
|
7.2 |
HIGH
Network
|
rsa
emc
|
authentication_manager
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain p…
|
NVD-CWE-noinfo
|
CVE-2019-3711
|
2024-11-21 13:42 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219903
|
6.8 |
MEDIUM
Physics
|
mcafee
|
database_security
|
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing passwor…
|
CWE-200
Information Exposure
|
CVE-2019-3615
|
2024-11-21 13:42 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219904
|
8.8 |
HIGH
Network
|
cloudfoundry
|
container_runtime
|
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-3780
|
2024-11-21 13:42 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219905
|
8.8 |
HIGH
Network
|
cloudfoundry
|
container_runtime
|
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2019-3779
|
2024-11-21 13:42 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219906
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
stratos
|
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a …
|
CWE-384
Session Fixation
|
CVE-2019-3784
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219907
|
8.8 |
HIGH
Network
|
cloudfoundry
|
stratos
|
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos s…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-3783
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219908
|
8.8 |
HIGH
Network
|
cloudfoundry
|
command_line_interface
|
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to log…
|
CWE-200
Information Exposure
|
CVE-2019-3781
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219909
|
9.8 |
CRITICAL
Network
|
pivotal_software
|
application_service
|
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL cert…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-3777
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219910
|
6.5 |
MEDIUM
Network
|
pivotal_software
oracle
|
spring_security_oauth
banking_corporate_lending
|
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector …
|
CWE-601
Open Redirect
|
CVE-2019-3778
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
