CVE-2018-11081 - OpenCVE

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Operations Manager

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:operations_manager::::::::
	cpe:2.3:a:pivotal_software:operations_manager::::::::
	cpe:2.3:a:pivotal_software:operations_manager::::::::
	cpe:2.3:a:pivotal_software:operations_manager::::::::

No data.

References

Link	Providers
https://pivotal.io/security/cve-2018-11081

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-10-05T21:00:00Z

Updated: 2024-09-17T01:26:01.975Z

Reserved: 2018-05-14T00:00:00

Link: CVE-2018-11081

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-05T21:29:00.513

Modified: 2019-10-09T23:33:23.370

Link: CVE-2018-11081

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "pivotal-ops-manager", "vendor": "Pivotal", "versions": [{"lessThanOrEqual": "2", "status": "affected", "version": "1.11.x", "versionType": "custom"}, {"lessThan": "2.0.16", "status": "affected", "version": "2.0.x", "versionType": "custom"}, {"lessThan": "2.1.11", "status": "affected", "version": "2.1.x", "versionType": "custom"}, {"lessThan": "2.2.1", "status": "affected", "version": "2.2.x", "versionType": "custom"}]}], "datePublic": "2018-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cleartext Storage in a File or on Disk", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-05T20:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-11081"}], "source": {"discovery": "UNKNOWN"}, "title": "Pivotal Operations Manager UAA config - temp Ram Disk", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-09-27T07:00:00.000Z", "ID": "CVE-2018-11081", "STATE": "PUBLIC", "TITLE": "Pivotal Operations Manager UAA config - temp Ram Disk"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pivotal-ops-manager", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_name": "1.11.x", "version_value": "2"}, {"affected": "<", "version_affected": "<", "version_name": "2.0.x", "version_value": "2.0.16"}, {"affected": "<", "version_affected": "<", "version_name": "2.1.x", "version_value": "2.1.11"}, {"affected": "<", "version_affected": "<", "version_name": "2.2.x", "version_value": "2.2.1"}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Storage in a File or on Disk"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2018-11081", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-11081"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:54:36.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2018-11081"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11081", "datePublished": "2018-10-05T21:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T01:26:01.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "577F5FBF-5F20-4ABC-B599-9A1A95DA28A3", "versionEndExcluding": "1.12.25", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D795BC6F-2426-46F4-9DA4-F83FC751D263", "versionEndExcluding": "2.0.16", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "37A61546-774C-4912-9BB5-F05C48D2A06B", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4E11C1C-DD72-460E-91E0-CDBF335711ED", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."}, {"lang": "es", "value": "Pivotal Operations Manager, en versiones 2.2.x anteriores a la 2.2.1, 2.1.x anteriores a la 2.1.11, 2.0.x anteriores a la 2.0.16 y 1.11.x anteriores a la 2, fracasa a la hora de escribir el archivo de configuraci\u00f3n Operations Manager UAA en el disco RAM temporal, exponiendo as\u00ed las configuraciones directamente en el disco. Un usuario remoto que haya obtenido acceso a la m\u00e1quina virtual de Operations Manager puede ahora buscar y hallar las credenciales UAA para Operations Manager en el disco del sistema."}], "id": "CVE-2018-11081", "lastModified": "2019-10-09T23:33:23.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2018-10-05T21:29:00.513", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-11081"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}