CVE-2016-0930 — Race Condition in Operations Manager

CWE-362 — Race Condition CWE-787 — Out-of-bounds Write9 documents4 sources

Severity

9.8CRITICALNVD

GHSA7.5

EPSS

0.3%

top 43.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Operations Manager

Timeline

PublishedSep 18

Latest updateMay 17

Description

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDpivotal/operations_manager1.6.18+10

🔴Vulnerability Details

GHSA

GHSA-q7pf-9582-g8f4: Pivotal Cloud Foundry (PCF) Ops Manager before 1↗2022-05-17

▶

GHSA

ChakraCore RCE Vulnerability↗2022-05-13

▶

GHSA

ChakraCore RCE Vulnerability↗2022-05-13

▶

GHSA

ChakraCore RCE Vulnerability↗2022-05-13

▶

GHSA

ChakraCore RCE Vulnerability↗2022-05-13

▶