CVE-2019-3776: Reflected XSS in Pivotal Operations Manager


Severity

High

Vendor

Pivotal

Description

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, and 2.4.x versions prior to 2.4.3, contains a reflected cross-site scripting (XSS) vulnerability. A remote user who is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Operations Manager
    • 2.1.x versions prior to 2.1.20
    • 2.2.x versions prior to 2.2.16
    • 2.3.x versions prior to 2.3.10
    • 2.4.x versions prior to 2.4.3

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager 2.1.20, 2.2.16, 2.3.10, 2.4.3

History

2019-02-19: Initial vulnerability report published