CVE-2019-3793 HIGH

CVE-2019-3793: Invitations Service supports HTTP connections

Vendor: Pivotal
Product: Apps Manager
Weakness: CWE-300
Published: April 24, 2019
Last update: September 17, 2024

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.

Key dates

02 Disclosure timeline

April 24, 2019 CVE published
September 17, 2024 Record updated