Pivotal Operations Manager vulnerabilities
2 known vulnerabilities affecting pivotal/pivotal_operations_manager.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2018-11049 [HIGH] CVSS 7.3, CWE-427, published 2018-07-11
Affected: RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and Virtual Application deployments only); RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only); +2 more
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
cvelistv5, nvd
CVE-2018-11045 [MEDIUM] CVSS 5.9, CWE-330, published 2018-07-11
Affected: ≥ 2.1, < 2.1.6; ≥ 2.0, < 2.0.15; +1 more
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the publish
cvelistv5, nvd