CVE-2018-1192: UAA SessionID present in Audit Event Logs
Severity
High
References
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Operations Manager
  - 2.0.x versions prior to 2.0.3
  - 1.12.x versions prior to 1.12.10
  - 1.11.x versions prior to 1.11.19
- Pivotal Application Service
  - 2.0.x versions prior to 2.0.3
  - 1.12.x versions prior to 1.12.12
  - 1.11.x versions prior to 1.11.24
  - 1.10.x versions prior to 1.10.39
  - 1.9.x versions prior to 1.9.48
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - Pivotal Operations Manager: 2.0.3, 1.12.10, 1.11.19
  - Pivotal Application Service: 2.0.3, 1.12.12, 1.11.24, 1.10.39, 1.9.48