CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vmware: >> Tanzu Application Service For Vms >> 2.7.4 Security Vulnerabilities

CVE-2020-5406

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

CVSS Score

6.5

EPSS Score

0.002

Published

2020-04-10

Page 1

Vulnerabilities

Vulnerable Software

Vmware: >> Tanzu Application Service For Vms >> 2.7.4 Security Vulnerabilities

Products

Pricing

Contact Us