Pivotal Cloud Foundry (PCF) Ops Manager prior to 1.5.14 and 1.6.x prior to 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote malicious users to bypass session authentication by leveraging knowledge of this key from another installation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal software operations manager |
||
pivotal software operations manager 1.6.1 |
||
pivotal software operations manager 1.6.6 |
||
pivotal software operations manager 1.6.8 |
||
pivotal software operations manager 1.6.2 |
||
pivotal software operations manager 1.6.3 |
||
pivotal software operations manager 1.6.4 |
||
pivotal software operations manager 1.6.5 |
||
pivotal software operations manager 1.6.0 |
||
pivotal software operations manager 1.6.7 |