CVE-2016-0898

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
References
Link Resource
http://www.securityfocus.com/bid/95146 Third Party Advisory VDB Entry
https://pivotal.io/security/cve-2016-0898 Vendor Advisory
http://www.securityfocus.com/bid/95146 Third Party Advisory VDB Entry
https://pivotal.io/security/cve-2016-0898 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:pivotal_software_mysql:1.7.0:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.0.1:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.0.2:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.0.3:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.0.4:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.1:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.2:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.3:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.4:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.5:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.6:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.7:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.8:*:*:*:*:pcf_tiles:*:*
cpe:2.3:a:vmware:pivotal_software_mysql:1.7.9:*:*:*:*:pcf_tiles:*:*

History

21 Nov 2024, 02:42

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/95146 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95146 - Third Party Advisory, VDB Entry
References () https://pivotal.io/security/cve-2016-0898 - Vendor Advisory () https://pivotal.io/security/cve-2016-0898 - Vendor Advisory

Information

Published : 2018-03-29 22:29

Updated : 2024-11-21 02:42


NVD link : CVE-2016-0898

Mitre link : CVE-2016-0898

CVE.ORG link : CVE-2016-0898


JSON object : View

Products Affected

vmware

  • pivotal_software_mysql
CWE
CWE-255

Credentials Management Errors

CWE-532

Insertion of Sensitive Information into Log File