CVE-2018-15762 — Improper Privilege Management in Cloud Foundry Pivotal Operations Manager

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGHNVD

CNA9.0

EPSS

0.2%

top 55.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Cloud Foundry Pivotal Operations Manager Pivotal Software Operations Manager

Timeline

PublishedNov 2

Latest updateMay 13

Description

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDpivotal_software/operations_manager2.0.0 — 2.0.24+3

▶CVEListV5pivotal_cloud_foundry/pivotal_operations_manager2.0.x — 2.0.24+3

🔴Vulnerability Details

GHSA

GHSA-hmj9-qjcc-6gv7: Pivotal Operations Manager, versions 2↗2022-05-13

▶

CVEList

Pivotal Operations Manager gives all users heightened privileges↗2018-11-02

▶