Reflected XSS in Pivotal Operations Manager
CVE-2019-3776

7.2HIGH

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
7 March 2019

What is CVE-2019-3776?

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

Affected Version(s)

Pivotal Ops Manager 2.2 < 2.2.16

Pivotal Ops Manager 2.3 < 2.3.10

Pivotal Ops Manager 2.4 < 2.4.3

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

CVSS V3.0

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.