Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Pivotal Operations Manager by Pivotal

    CVE-2018-11049 (GCVE-0-2018-11049)

    Vulnerability from nvd – Published: 2018-07-11 20:00 – Updated: 2024-09-17 04:20
    VLAI
    Title
    RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability
    Summary
    RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
    Severity
    No CVSS data available.
    CWE
    • uncontrolled search path vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/104722 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2018/Jul/23 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1041228 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Operations Manager Affected: RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and Virtual Application deployments only)
    Affected: RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only).
    Affected: RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
    Affected: RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
    Create a notification for this product.
    Date Public
    2018-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104722"
              },
              {
                "name": "20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
              },
              {
                "name": "1041228",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041228"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Operations Manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and  Virtual Application deployments only)"
                },
                {
                  "status": "affected",
                  "version": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels  (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)."
                },
                {
                  "status": "affected",
                  "version": "RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as  Soft-Appliance) deployments only)"
                },
                {
                  "status": "affected",
                  "version": "RSA Identity Management \u0026 Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software  Bundle (also known as Soft-Appliance)  deployments only)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "uncontrolled search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-13T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "104722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104722"
            },
            {
              "name": "20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
            },
            {
              "name": "1041228",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041228"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-07-06T04:00:00.000Z",
              "ID": "CVE-2018-11049",
              "STATE": "PUBLIC",
              "TITLE": "RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Operations Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and  Virtual Application deployments only)"
                              },
                              {
                                "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels  (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)."
                              },
                              {
                                "version_value": "RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as  Soft-Appliance) deployments only)"
                              },
                              {
                                "version_value": "RSA Identity Management \u0026 Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software  Bundle (also known as Soft-Appliance)  deployments only)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "uncontrolled search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104722"
                },
                {
                  "name": "20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
                },
                {
                  "name": "1041228",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041228"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11049",
        "datePublished": "2018-07-11T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:20:09.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11045 (GCVE-0-2018-11045)

    Vulnerability from nvd – Published: 2018-07-11 20:00 – Updated: 2024-09-16 22:56
    VLAI
    Summary
    Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
    Severity
    No CVSS data available.
    CWE
    • Random number generation
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11045 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Operations Manager Affected: 2.1 , < 2.1.6 (custom)
    Affected: 2.0 , < 2.0.15 (custom)
    Affected: 1.12 , < 1.12.22 (custom)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.497Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11045"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Operations Manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.1.6",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.15",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.12.22",
                  "status": "affected",
                  "version": "1.12",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Random number generation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T19:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11045"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-07-10T04:00:00.000Z",
              "ID": "CVE-2018-11045",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Operations Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1",
                                "version_value": "2.1.6"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0",
                                "version_value": "2.0.15"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "1.12",
                                "version_value": "1.12.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Random number generation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11045",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11045"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11045",
        "datePublished": "2018-07-11T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:33.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11049 (GCVE-0-2018-11049)

    Vulnerability from cvelistv5 – Published: 2018-07-11 20:00 – Updated: 2024-09-17 04:20
    VLAI
    Title
    RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability
    Summary
    RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
    Severity
    No CVSS data available.
    CWE
    • uncontrolled search path vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/104722 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2018/Jul/23 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1041228 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Operations Manager Affected: RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and Virtual Application deployments only)
    Affected: RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only).
    Affected: RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
    Affected: RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
    Create a notification for this product.
    Date Public
    2018-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104722"
              },
              {
                "name": "20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
              },
              {
                "name": "1041228",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041228"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Operations Manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "status": "affected",
                  "version": "RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and  Virtual Application deployments only)"
                },
                {
                  "status": "affected",
                  "version": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels  (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)."
                },
                {
                  "status": "affected",
                  "version": "RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as  Soft-Appliance) deployments only)"
                },
                {
                  "status": "affected",
                  "version": "RSA Identity Management \u0026 Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software  Bundle (also known as Soft-Appliance)  deployments only)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "uncontrolled search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-13T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "104722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104722"
            },
            {
              "name": "20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
            },
            {
              "name": "1041228",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041228"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-07-06T04:00:00.000Z",
              "ID": "CVE-2018-11049",
              "STATE": "PUBLIC",
              "TITLE": "RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Operations Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and  Virtual Application deployments only)"
                              },
                              {
                                "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels  (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)."
                              },
                              {
                                "version_value": "RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as  Soft-Appliance) deployments only)"
                              },
                              {
                                "version_value": "RSA Identity Management \u0026 Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software  Bundle (also known as Soft-Appliance)  deployments only)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "uncontrolled search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104722"
                },
                {
                  "name": "20180705 DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/23"
                },
                {
                  "name": "1041228",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041228"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11049",
        "datePublished": "2018-07-11T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:20:09.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11045 (GCVE-0-2018-11045)

    Vulnerability from cvelistv5 – Published: 2018-07-11 20:00 – Updated: 2024-09-16 22:56
    VLAI
    Summary
    Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
    Severity
    No CVSS data available.
    CWE
    • Random number generation
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11045 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal Pivotal Operations Manager Affected: 2.1 , < 2.1.6 (custom)
    Affected: 2.0 , < 2.0.15 (custom)
    Affected: 1.12 , < 1.12.22 (custom)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.497Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11045"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pivotal Operations Manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThan": "2.1.6",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.15",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.12.22",
                  "status": "affected",
                  "version": "1.12",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Random number generation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T19:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11045"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-07-10T04:00:00.000Z",
              "ID": "CVE-2018-11045",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pivotal Operations Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1",
                                "version_value": "2.1.6"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0",
                                "version_value": "2.0.15"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "1.12",
                                "version_value": "1.12.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Random number generation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11045",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11045"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11045",
        "datePublished": "2018-07-11T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:33.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }