Static Linux Random Number Generator Vulnerability in Pivotal Operations Manager
CVE-2018-11045
5.9 MEDIUM
What is CVE-2018-11045?
Pivotal Operations Manager contains a vulnerability related to a static Linux Random Number Generator (LRNG) seed file included in specific appliance images. This issue allows an attacker with knowledge of the running OpsManager version and associated Infrastructure as a Service (IaaS) environment to retrieve the corresponding seed from the published image. By accessing this seed, the attacker could potentially predict the initial state of the LRNG, posing serious security risks to the system.
Affected Version(s)
Pivotal Operations Manager 2.1 < 2.1.6
Pivotal Operations Manager 2.0 < 2.0.15
Pivotal Operations Manager 1.12 < 1.12.22
