CVE-2018-11081

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

CVSS v3 7.9 HIGH
CVSS v2.0 4.0 MEDIUM

7.9^/10

CVSS v3 : HIGH

Vector : AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://pivotal.io/security/cve-2018-11081	Vendor Advisory
https://pivotal.io/security/cve-2018-11081	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal_software:operations_manager::::::::
	cpe:2.3:a:pivotal_software:operations_manager::::::::
	cpe:2.3:a:pivotal_software:operations_manager::::::::
	cpe:2.3:a:pivotal_software:operations_manager::::::::

History

21 Nov 2024, 03:42

Type	Values Removed	Values Added
References	~~() https://pivotal.io/security/cve-2018-11081 - Vendor Advisory~~	() https://pivotal.io/security/cve-2018-11081 - Vendor Advisory
CVSS	v2 : ~~4.0~~ v3 : ~~8.8~~	v2 : 4.0 v3 : 7.9

Information

Published : 2018-10-05 21:29

Updated : 2024-11-21 03:42

NVD link : CVE-2018-11081

Mitre link : CVE-2018-11081

CVE.ORG link : CVE-2018-11081

JSON object : View

Products Affected

pivotal_software

operations_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-11081", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-10-05T21:29:00.513", "references": [{"url": "https://pivotal.io/security/cve-2018-11081", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2018-11081", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."}, {"lang": "es", "value": "Pivotal Operations Manager, en versiones 2.2.x anteriores a la 2.2.1, 2.1.x anteriores a la 2.1.11, 2.0.x anteriores a la 2.0.16 y 1.11.x anteriores a la 2, fracasa a la hora de escribir el archivo de configuraci\u00f3n Operations Manager UAA en el disco RAM temporal, exponiendo as\u00ed las configuraciones directamente en el disco. Un usuario remoto que haya obtenido acceso a la m\u00e1quina virtual de Operations Manager puede ahora buscar y hallar las credenciales UAA para Operations Manager en el disco del sistema."}], "lastModified": "2024-11-21T03:42:38.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "577F5FBF-5F20-4ABC-B599-9A1A95DA28A3", "versionEndExcluding": "1.12.25", "versionStartIncluding": "1.11.0"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D795BC6F-2426-46F4-9DA4-F83FC751D263", "versionEndExcluding": "2.0.16", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A61546-774C-4912-9BB5-F05C48D2A06B", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E11C1C-DD72-460E-91E0-CDBF335711ED", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}