CVE-2019-3776
Published Mar 7, 2019
Last updated 5 years ago
Overview
- Description
- Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.
- Source
- security_alert@emc.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E9BCD2D-2334-4699-B965-77319572FD16",
"versionEndExcluding": "2.1.20",
"versionStartIncluding": "2.1.0"
},
{
"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9F206D8-902B-49BF-B1DE-D0FF3674D559",
"versionEndExcluding": "2.2.16",
"versionStartIncluding": "2.2.0"
},
{
"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10C5B035-355F-447E-8717-26789EAFC8F9",
"versionEndExcluding": "2.3.10",
"versionStartIncluding": "2.3.0"
},
{
"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90F061DB-885E-4AAB-B8A4-CDF0A274DCC6",
"versionEndExcluding": "2.4.3",
"versionStartIncluding": "2.4.0"
}
],
"operator": "OR"
}
]
}
]