How severe is CVE-2019-11276?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2019-11276?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2019-11276 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.

Related Vulnerabilities

CVE-2024-28169

MEDIUM

CVSS:5.4(Medium)

Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent...

CWE-3192024

CVE-2024-49387

MEDIUM

CVSS:5.4(Medium)

Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

CWE-3192024

CVE-2007-5626

MEDIUM

CVSS:5.5(Medium)

make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows contex...

CWE-3192007

CVE-2010-4177

MEDIUM

CVSS:5.5(Medium)

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

CWE-3192010

CVE-2012-1257

MEDIUM

CVSS:5.5(Medium)

Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

CWE-3192012

CVE-2017-6410

MEDIUM

CVSS:5.5(Medium)

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, ...

CWE-3192017