CVE-2019-11288

EUVD-2019-2974

27.01.2020, 19:15

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
pivotal	CNA	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
pivotal	tc_runtimes	7.0.70.b ≤ 𝑥 < 7.0.99.b
pivotal	tc_runtimes	8.5.4.b ≤ 𝑥 < 8.5.47.a
pivotal	tc_runtimes	9.0.6.b ≤ 𝑥 < 9.0.27.a
pivotal	tc_server	3.0.0 ≤ 𝑥 < 3.2.19
pivotal	tc_server	4.0.0 ≤ 𝑥 < 4.0.10

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://pivotal.io/security/cve-2019-11288