CVE-2018-11081: Pivotal-ops-manager vulnerability

3 documents, 3 sources
Severity: 8.8 HIGH (NVD) | CNA 7.9
EPSS: 0.2% (top 63.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 5 | Latest update May 13

Description

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly on disk. A remote user who has gained access to the Operations Manager VM can then search the file system and find the UAA credentials for Operations Manager on the system disk.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | pivotal_software/operations_manager | 1.11.0 | 1.12.25 | +3
CVEListV5 | pivotal/pivotal-ops-manager | 2.0.x | 2.0.16 | +3

Vulnerability Details (2)

GHSA | GHSA-g8xr-wjxj-2j9v: Pivotal Operations Manager, versions 2 | 2022-05-13
CVEList | Pivotal Operations Manager UAA config - temp Ram Disk | 2018-10-05