CVE-2018-11081

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

Published: Oct 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-11081
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pivotal_software / operations_manager	1.11.0	1.12.25
pivotal_software / operations_manager	2.0.0	2.0.16
pivotal_software / operations_manager	2.1.0	2.1.11
pivotal_software / operations_manager	2.2.0	2.2.1

https://pivotal.io/security/cve-2018-11081

Vulnerability Database

289,599

CVE-2018-11081