Pivotal Application Manager up to 666.0.35/677.0.21/668.0.20/669.0.12/670.0.6 CSV Injection privilege escalation

A vulnerability was found in Pivotal Application Manager up to 666.0.35/677.0.21/668.0.20/669.0.12/670.0.6 and classified as critical. Affected by this issue is an unknown function of the component CSV Handler. The manipulation as part of a Application leads to a privilege escalation vulnerability (Injection). Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 10/01/2019. The advisory is shared for download at pivotal.io. This vulnerability is handled as CVE-2019-11275 since 04/18/2019. The attack may be launched remotely. A single authentication is required for exploitation. There are neither technical details nor an exploit publicly available.

Upgrading to version 666.0.36, 677.0.22, 668.0.21, 669.0.13 or 670.0.7 eliminates this vulnerability.

Vendor

• Pivotal

Name

• Application Manager

• 🔒
• 🔒
• 🔒

• 🔒
• 🔒
• 🔒

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation / Injection (CWE-269)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: Application Manager 666.0.36/677.0.22/668.0.21/669.0.13/670.0.7

04/18/2019 CVE assigned
10/01/2019 +166 days Advisory disclosed
10/01/2019 +0 days VulDB entry created
10/01/2019 +0 days VulDB last updateVendor: pivotal.io

Advisory: pivotal.io

CVE: CVE-2019-11275 (🔒)

Created: 10/01/2019 09:33 PM
Complete: 🔍

Comments

Comments are closed.