How severe is CVE-2020-5414?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2020-5414?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2020-5414 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.

Related Vulnerabilities

CVE-2012-1994

MEDIUM

CVSS:5.7(Medium)

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

CWE-2002012

CVE-2016-3037

MEDIUM

CVSS:5.7(Medium)

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X...

CWE-2002016

CVE-2016-5602

MEDIUM

CVSS:5.7(Medium)

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect...

CWE-2002016

CVE-2017-1214

MEDIUM

CVSS:5.7(Medium)

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

CWE-2002017

CVE-2017-20101

MEDIUM

CVSS:5.7(Medium)

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file ...

CWE-2002017

CVE-2017-3292

MEDIUM

CVSS:5.7(Medium)

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploi...

CWE-2002017