HIGH🇬🇧 English

CVE-2018-11081

CVSS 7.9v3.0pub. 2018-10-05upd. 2024-11-21

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Pivotal Software Operations Manager

    APP
    Pivotal Software
    1.11.0 – 1.12.25 (bez)2.0.0 – 2.0.16 (bez)2.1.0 – 2.1.11 (bez)2.2.0 – 2.2.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-15762CRITICAL9.0ten sam produkt

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x pri...

CVE-2016-0897CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, ...

CVE-2016-0883CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption k...

CVE-2019-11270HIGH7.5ten sam produkt

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...

CVE-2019-3776HIGH7.2ten sam produkt

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions pri...