CRITICAL🇬🇧 English

CVE-2018-15762

CVSS 9.0v3.0pub. 2018-11-02upd. 2024-11-21

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Pivotal Software Operations Manager

    APP
    Pivotal Software
    2.0.0 – 2.0.24 (bez)2.1.0 – 2.1.15 (bez)2.2.0 – 2.2.7 (bez)2.3.0 – 2.3.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2016-0883CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption k...

CVE-2016-0897CRITICAL9.8ten sam produkt

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, ...

CVE-2019-11270HIGH7.5ten sam produkt

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...

CVE-2019-3776HIGH7.2ten sam produkt

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions pri...

CVE-2018-11081HIGH7.9ten sam produkt

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1...