← Back to CVEs
CVE-2016-0898
CRITICAL10.0
Description
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/29/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
vmware:pivotal_software_mysql
Weaknesses (CWE)
CWE-255CWE-532
References
http://www.securityfocus.com/bid/95146(security_alert@emc.com)
https://pivotal.io/security/cve-2016-0898(security_alert@emc.com)
http://www.securityfocus.com/bid/95146(af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2016-0898(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.