CVE-2018-11045
N/A
N/A
Summary
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Pivotal Operations Manager | 2.1 < 2.1.6 | affected |
| Pivotal | Pivotal Operations Manager | 2.0 < 2.0.15 | affected |
| Pivotal | Pivotal Operations Manager | 1.12 < 1.12.22 | affected |
Weaknesses
- Random number generation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.