The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2019-06-06T19:16:16.854483Z
Updated: 2024-09-16T22:20:48.221Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3790
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-06T19:29:00.783
Modified: 2019-10-09T23:49:39.663
Link: CVE-2019-3790
Redhat
No data.