CVE-2016-0898

EUVD-2016-0909
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
vmwarepivotal_software_mysql
1.7.0
vmwarepivotal_software_mysql
1.7.0.1
vmwarepivotal_software_mysql
1.7.0.2
vmwarepivotal_software_mysql
1.7.0.3
vmwarepivotal_software_mysql
1.7.0.4
vmwarepivotal_software_mysql
1.7.1
vmwarepivotal_software_mysql
1.7.2
vmwarepivotal_software_mysql
1.7.3
vmwarepivotal_software_mysql
1.7.4
vmwarepivotal_software_mysql
1.7.5
vmwarepivotal_software_mysql
1.7.6
vmwarepivotal_software_mysql
1.7.7
vmwarepivotal_software_mysql
1.7.8
vmwarepivotal_software_mysql
1.7.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95146
https://pivotal.io/security/cve-2016-0898
http://www.securityfocus.com/bid/95146
https://pivotal.io/security/cve-2016-0898