CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5406

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2020-5406

Vmware » Tanzu Application Service For Vms » Version: 2.6.0

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.0
Vmware » Tanzu Application Service For Vms » Version: 2.6.1

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.1
Vmware » Tanzu Application Service For Vms » Version: 2.6.10

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.10
Vmware » Tanzu Application Service For Vms » Version: 2.6.11

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.11
Vmware » Tanzu Application Service For Vms » Version: 2.6.12

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.12
Vmware » Tanzu Application Service For Vms » Version: 2.6.13

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.13
Vmware » Tanzu Application Service For Vms » Version: 2.6.14

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.14
Vmware » Tanzu Application Service For Vms » Version: 2.6.15

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.15
Vmware » Tanzu Application Service For Vms » Version: 2.6.16

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.16
Vmware » Tanzu Application Service For Vms » Version: 2.6.17

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.17
Vmware » Tanzu Application Service For Vms » Version: 2.6.2

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.2
Vmware » Tanzu Application Service For Vms » Version: 2.6.3

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.3
Vmware » Tanzu Application Service For Vms » Version: 2.6.4

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.4
Vmware » Tanzu Application Service For Vms » Version: 2.6.5

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.5
Vmware » Tanzu Application Service For Vms » Version: 2.6.6

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.6
Vmware » Tanzu Application Service For Vms » Version: 2.6.7

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.7
Vmware » Tanzu Application Service For Vms » Version: 2.6.8

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.8
Vmware » Tanzu Application Service For Vms » Version: 2.6.9

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.6.9
Vmware » Tanzu Application Service For Vms » Version: 2.7.0

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.0
Vmware » Tanzu Application Service For Vms » Version: 2.7.1

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.1
Vmware » Tanzu Application Service For Vms » Version: 2.7.10

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.10
Vmware » Tanzu Application Service For Vms » Version: 2.7.2

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.2
Vmware » Tanzu Application Service For Vms » Version: 2.7.3

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.3
Vmware » Tanzu Application Service For Vms » Version: 2.7.4

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.4
Vmware » Tanzu Application Service For Vms » Version: 2.7.5

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.5
Vmware » Tanzu Application Service For Vms » Version: 2.7.6

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.6
Vmware » Tanzu Application Service For Vms » Version: 2.7.7

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.7
Vmware » Tanzu Application Service For Vms » Version: 2.7.8

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.8
Vmware » Tanzu Application Service For Vms » Version: 2.7.9

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.7.9
Vmware » Tanzu Application Service For Vms » Version: 2.8.0

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.8.0
Vmware » Tanzu Application Service For Vms » Version: 2.8.1

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.8.1
Vmware » Tanzu Application Service For Vms » Version: 2.8.2

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.8.2
Vmware » Tanzu Application Service For Vms » Version: 2.8.3

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.8.3
Vmware » Tanzu Application Service For Vms » Version: 2.8.4

cpe:2.3:a:vmware:tanzu_application_service_for_vms:2.8.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5406

Products

Pricing

Contact Us