Pivotal Application Manager, versions 666.0.x before 666.0.36, versions 667.0.x before 667.0.22, versions 668.0.x before 668.0.21, versions 669.0.x before 669.0.13, and versions 670.0.x before 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal apps manager |
||
pivotal software pivotal application service |