CVE-2016-0898

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
vmwarepivotal_software_mysql
1.7.0
vmwarepivotal_software_mysql
1.7.0.1
vmwarepivotal_software_mysql
1.7.0.2
vmwarepivotal_software_mysql
1.7.0.3
vmwarepivotal_software_mysql
1.7.0.4
vmwarepivotal_software_mysql
1.7.1
vmwarepivotal_software_mysql
1.7.2
vmwarepivotal_software_mysql
1.7.3
vmwarepivotal_software_mysql
1.7.4
vmwarepivotal_software_mysql
1.7.5
vmwarepivotal_software_mysql
1.7.6
vmwarepivotal_software_mysql
1.7.7
vmwarepivotal_software_mysql
1.7.8
vmwarepivotal_software_mysql
1.7.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95146
https://pivotal.io/security/cve-2016-0898
http://www.securityfocus.com/bid/95146
https://pivotal.io/security/cve-2016-0898