DellCVELIST:CVE-2018-15762CVE-2018-15762 Pivotal Operations Manager gives all users heightened privileges
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.0%
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
CNA Affected
[
{
"product": "Pivotal Operations Manager",
"vendor": "Pivotal Cloud Foundry",
"versions": [
{
"lessThan": "2.0.24",
"status": "affected",
"version": "2.0.x",
"versionType": "custom"
},
{
"lessThan": "2.1.15",
"status": "affected",
"version": "2.1.x",
"versionType": "custom"
},
{
"lessThan": "2.2.7",
"status": "affected",
"version": "2.2.x",
"versionType": "custom"
},
{
"lessThan": "2.3.1",
"status": "affected",
"version": "2.3.x",
"versionType": "custom"
}
]
}
]References
Related
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.0%