CVE-2019-3776: Reflected XSS in Pivotal Operations Manager
Severity
High
Vendor
Pivotal
Description
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, and 2.4.x versions prior to 2.4.3, contains a reflected cross-site scripting vulnerability. A remote user who is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Operations Manager
  - 2.1.x versions prior to 2.1.20
  - 2.2.x versions prior to 2.2.16
  - 2.3.x versions prior to 2.3.10
  - 2.4.x versions prior to 2.4.3
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Operations Manager 2.1.20, 2.2.16, 2.3.10, 2.4.3
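To check an inventory against the ranges above, the following added example (not part of the advisory or of any Pivotal tooling) classifies Operations Manager version strings per branch. The host names and versions in SAMPLE are constructed, and tolerating a trailing `-build.N` style suffix is an assumption about how versions are reported. Components are compared as integers because a string comparison would wrongly rank 2.3.9 above 2.3.10.

```python
import re

# First fixed patch release per affected branch, taken from the advisory.
FIXED = {(2, 1): 20, (2, 2): 16, (2, 3): 10, (2, 4): 3}

# major.minor.patch, optional leading "v", optional build/pre-release suffix
# (suffix handling is an assumption, see the lead-in).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch is outside the advisory's scope; it says nothing about it.
        return "not-listed"
    return "affected" if patch < fixed_patch else "fixed"


def audit(inventory):
    """Map host -> status; unparseable versions are flagged for manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed inventory for illustration only.
SAMPLE = {
    "opsman-a.example.test": "2.3.9",            # below 2.3.10
    "opsman-b.example.test": "2.3.10",           # first fixed 2.3.x
    "opsman-c.example.test": "2.1.19-build.7",   # suffix ignored
    "opsman-d.example.test": "v2.4.3",
    "opsman-e.example.test": "2.5.0",            # branch not in advisory
    "opsman-f.example.test": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:26} {SAMPLE[host]:16} {status}")
```

A result of `not-listed` means only that the advisory does not cover that branch, not that the branch is free of the issue.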
History
2019-02-19: Initial vulnerability report published