CVE-2018-6978

Severity: 6.7 MEDIUM
EPSS: 0.0% (top 94.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Published: Dec 18
Latest update: May 13

Description

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (1 package)

NVD | vmware/vrealize_operations | 6.6.0 | 6.6.1.11286876 | +2

Vulnerability Details (2)

GHSA | GHSA-6www-r2fm-fcq7: vRealize Operations (7 | 2022-05-13
CVEList | CVE-2018-6978: vRealize Operations (7 | 2018-12-18