CVE-2018-15762
9
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal Cloud Foundry | Pivotal Operations Manager | 2.0.x < 2.0.24 | affected |
| Pivotal Cloud Foundry | Pivotal Operations Manager | 2.1.x < 2.1.15 | affected |
| Pivotal Cloud Foundry | Pivotal Operations Manager | 2.2.x < 2.2.7 | affected |
| Pivotal Cloud Foundry | Pivotal Operations Manager | 2.3.x < 2.3.1 | affected |
Weaknesses
- Improper Authorization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.