Design/Logic Flaw

2018-07-1120:29:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.8%

JSON

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.

CPENameOperatorVersion
operations_managerge2.1.0
operations_managerlt2.1.6
operations_managerge1.12
operations_managerlt1.12.22
operations_managergt2.0
operations_managerlt2.0.15

Name	Operator	Version
operations_manager	ge	2.1.0
operations_manager	lt	2.1.6
operations_manager	ge	1.12
operations_manager	lt	1.12.22
operations_manager	gt	2.0
operations_manager	lt	2.0.15

References

pivotal.io/security/cve-2018-11045