{"containers":{"cna":{"affected":[{"product":"VMware Tanzu Application Service for VMs","vendor":"Pivotal","versions":[{"lessThan":"2.8.5","status":"affected","version":"2.8.x","versionType":"custom"},{"lessThan":"2.7.11","status":"affected","version":"2.7.x","versionType":"custom"},{"lessThan":"2.6.18","status":"affected","version":"2.6.x","versionType":"custom"}]}],"datePublic":"2020-04-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"CWE-522: Insufficiently Protected Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-04-10T18:50:12.000Z","orgId":"862b2186-222f-48b9-af87-f1fb7bb26d03","shortName":"pivotal"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://tanzu.vmware.com/security/cve-2020-5406"}],"source":{"discovery":"UNKNOWN"},"title":"PCF Autoscaling logs its database credentials","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@pivotal.io","DATE_PUBLIC":"2020-04-09T19:33:58.000Z","ID":"CVE-2020-5406","STATE":"PUBLIC","TITLE":"PCF Autoscaling logs its database credentials"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"VMware Tanzu Application Service for VMs","version":{"version_data":[{"affected":"<","version_affected":"<","version_name":"2.8.x","version_value":"2.8.5"},{"affected":"<","version_affected":"<","version_name":"2.7.x","version_value":"2.7.11"},{"affected":"<","version_affected":"<","version_name":"2.6.x","version_value":"2.6.18"}]}}]},"vendor_name":"Pivotal"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling."}]},"impact":null,"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-522: Insufficiently Protected Credentials"}]}]},"references":{"reference_data":[{"name":"https://tanzu.vmware.com/security/cve-2020-5406","refsource":"CONFIRM","url":"https://tanzu.vmware.com/security/cve-2020-5406"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:30:23.971Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://tanzu.vmware.com/security/cve-2020-5406"}]}]},"cveMetadata":{"assignerOrgId":"862b2186-222f-48b9-af87-f1fb7bb26d03","assignerShortName":"pivotal","cveId":"CVE-2020-5406","datePublished":"2020-04-10T18:50:12.090Z","dateReserved":"2020-01-03T00:00:00.000Z","dateUpdated":"2024-09-17T03:17:26.159Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}