CVE-2020-5406
CVE-2020-5406 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including the database username and password. A malicious user with access to those logs may gain unauthorized access to the database used by Autoscaling. EPSS estimates a 1.00% chance of exploitation in the next 30 days.
Description
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| VMware | Tanzu Application Service for VMs | >= 2.6.0, < 2.6.18 |
| VMware | Tanzu Application Service for VMs | >= 2.7.0, < 2.7.11 |
| VMware | Tanzu Application Service for VMs | >= 2.8.0, < 2.8.5 |
References
- https://tanzu.vmware.com/security/cve-2020-5406 (Vendor Advisory)
Source: NVD / NIST
