CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
65.4%
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk…
[
{
"product": "pivotal-ops-manager",
"vendor": "Pivotal",
"versions": [
{
"lessThanOrEqual": "2",
"status": "affected",
"version": "1.11.x",
"versionType": "custom"
},
{
"lessThan": "2.0.16",
"status": "affected",
"version": "2.0.x",
"versionType": "custom"
},
{
"lessThan": "2.1.11",
"status": "affected",
"version": "2.1.x",
"versionType": "custom"
},
{
"lessThan": "2.2.1",
"status": "affected",
"version": "2.2.x",
"versionType": "custom"
}
]
}
]
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
65.4%