Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for pivotal-ops-manager by Pivotal

    CVE-2018-11081 (GCVE-0-2018-11081)

    Vulnerability from nvd – Published: 2018-10-05 21:00 – Updated: 2024-09-17 01:26
    VLAI
    Title
    Pivotal Operations Manager UAA config - temp Ram Disk
    Summary
    Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..
    CWE
    • Cleartext Storage in a File or on Disk
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11081 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal pivotal-ops-manager Affected: 1.11.x , ≤ 2 (custom)
    Affected: 2.0.x , < 2.0.16 (custom)
    Affected: 2.1.x , < 2.1.11 (custom)
    Affected: 2.2.x , < 2.2.1 (custom)
    Create a notification for this product.
    Date Public
    2018-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.568Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pivotal-ops-manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThanOrEqual": "2",
                  "status": "affected",
                  "version": "1.11.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.16",
                  "status": "affected",
                  "version": "2.0.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.11",
                  "status": "affected",
                  "version": "2.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.1",
                  "status": "affected",
                  "version": "2.2.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T20:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11081"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Pivotal Operations Manager UAA config - temp Ram Disk",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-09-27T07:00:00.000Z",
              "ID": "CVE-2018-11081",
              "STATE": "PUBLIC",
              "TITLE": "Pivotal Operations Manager UAA config - temp Ram Disk"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "pivotal-ops-manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "1.11.x",
                                "version_value": "2"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0.x",
                                "version_value": "2.0.16"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1.x",
                                "version_value": "2.1.11"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2.x",
                                "version_value": "2.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Storage in a File or on Disk"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11081",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11081"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11081",
        "datePublished": "2018-10-05T21:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:01.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11081 (GCVE-0-2018-11081)

    Vulnerability from cvelistv5 – Published: 2018-10-05 21:00 – Updated: 2024-09-17 01:26
    VLAI
    Title
    Pivotal Operations Manager UAA config - temp Ram Disk
    Summary
    Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..
    CWE
    • Cleartext Storage in a File or on Disk
    Assigner
    References
    URL Tags
    https://pivotal.io/security/cve-2018-11081 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Pivotal pivotal-ops-manager Affected: 1.11.x , ≤ 2 (custom)
    Affected: 2.0.x , < 2.0.16 (custom)
    Affected: 2.1.x , < 2.1.11 (custom)
    Affected: 2.2.x , < 2.2.1 (custom)
    Create a notification for this product.
    Date Public
    2018-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.568Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pivotal.io/security/cve-2018-11081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pivotal-ops-manager",
              "vendor": "Pivotal",
              "versions": [
                {
                  "lessThanOrEqual": "2",
                  "status": "affected",
                  "version": "1.11.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.16",
                  "status": "affected",
                  "version": "2.0.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.11",
                  "status": "affected",
                  "version": "2.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.1",
                  "status": "affected",
                  "version": "2.2.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T20:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pivotal.io/security/cve-2018-11081"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Pivotal Operations Manager UAA config - temp Ram Disk",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-09-27T07:00:00.000Z",
              "ID": "CVE-2018-11081",
              "STATE": "PUBLIC",
              "TITLE": "Pivotal Operations Manager UAA config - temp Ram Disk"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "pivotal-ops-manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "1.11.x",
                                "version_value": "2"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.0.x",
                                "version_value": "2.0.16"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.1.x",
                                "version_value": "2.1.11"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.2.x",
                                "version_value": "2.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pivotal"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Storage in a File or on Disk"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pivotal.io/security/cve-2018-11081",
                  "refsource": "CONFIRM",
                  "url": "https://pivotal.io/security/cve-2018-11081"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11081",
        "datePublished": "2018-10-05T21:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:01.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }