Pivotal Ops Manager, 2.2.x versions before 2.2.23, 2.3.x versions before 2.3.16, 2.4.x versions before 2.4.11, and 2.5.x versions before 2.5.3, contains a configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired and access Ops Manager resources.
Vulnerable Product |
---|
pivotal software operations manager |