NGINX Vulnerability in Pivotal Operations Manager Affects Multiple Versions
CVE-2018-11046

6.5MEDIUM

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
25 June 2018

What is CVE-2018-11046?

Pivotal Operations Manager, specifically versions 2.1.x prior to 2.1.6 and version 2.0.14, utilizes NGINX packages that do not have necessary security patches applied. This oversight could potentially allow an attacker with access to the NGINX processes to exploit these vulnerabilities, impacting the functionality and security of the Operations Manager.

Affected Version(s)

Operations Manager 2.0.14

Operations Manager 2.1.x < 2.1.6

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.