CVE-2019-3776: Reflected XSS in Pivotal Operations Manager






Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, and 2.4.x versions prior to 2.4.3, contains a reflected cross-site scripting (XSS) vulnerability. A remote user who is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Operations Manager
    • 2.1.x versions prior to 2.1.20
    • 2.2.x versions prior to 2.2.16
    • 2.3.x versions prior to 2.3.10
    • 2.4.x versions prior to 2.4.3

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager 2.1.20, 2.2.16, 2.3.10, 2.4.3

2019-02-19: Initial vulnerability report published
