CVE-2018-11081
7.9
CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | pivotal-ops-manager | 1.11.x <= 2 | affected |
| Pivotal | pivotal-ops-manager | 2.0.x < 2.0.16 | affected |
| Pivotal | pivotal-ops-manager | 2.1.x < 2.1.11 | affected |
| Pivotal | pivotal-ops-manager | 2.2.x < 2.2.1 | affected |
Weaknesses
- Cleartext Storage in a File or on Disk
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.