CVE-2018-6978

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

Published: Dec 18, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-6978
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
vmware / vrealize_operations	6.6.0	6.6.1.11286876
vmware / vrealize_operations	6.7.0	6.7.0.11286837
vmware / vrealize_operations	7.0.0	7.0.0.11287810

http://www.securityfocus.com/bid/106242
https://www.vmware.com/security/advisories/VMSA-2018-0031.html

Vulnerability Database

289,784

CVE-2018-6978