Vulnerability Details : CVE-2019-11288
In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.
Products affected by CVE-2019-11288
- cpe:2.3:a:pivotal:tc_runtimes:*:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:tc_runtimes:*:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:tc_runtimes:*:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:tc_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:tc_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11288
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11288
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
7.3
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.3
|
5.9
|
Pivotal Software, Inc. | |
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2019-11288
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: security@pivotal.io (Secondary)
References for CVE-2019-11288
-
https://pivotal.io/security/cve-2019-11288
CVE-2019-11288: tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation | Security | PivotalVendor Advisory
Jump to