Pivotal Operations Manager UAA config - temp Ram Disk
CVE-2018-11081

7.9HIGH

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
5 October 2018

What is CVE-2018-11081?

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

Affected Version(s)

pivotal-ops-manager 1.11.x <= 2

pivotal-ops-manager 2.0.x < 2.0.16

pivotal-ops-manager 2.1.x < 2.1.11

References

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
7.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.