Operations Manager@* Security Vulnerabilities and Issues — Operations Manager@* CVE List

Lucene search

Pivotal SoftwareOperations Manager*

10 matches found

CVE•added 2019/06/06 7:29 p.m.•160 views

CVE-2019-3790

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supp...

6.1CVSS5.5AI score0.0006EPSS

CVE•added 2020/01/09 12:15 a.m.•77 views

CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

8.8CVSS6.8AI score0.00491EPSS

CVE•added 2019/08/05 5:15 p.m.•45 views

CVE-2019-11270

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

7.5CVSS7.3AI score0.00229EPSS

CVE•added 2018/06/25 3:29 p.m.•43 views

CVE-2018-11046

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager

6.5CVSS6.5AI score0.00337EPSS

CVE•added 2018/07/11 8:29 p.m.•39 views

CVE-2018-11045

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the...

5.9CVSS5.5AI score0.00303EPSS

CVE•added 2018/10/05 9:29 p.m.•35 views

CVE-2018-11081

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operatio...

8.8CVSS8.4AI score0.00161EPSS

CVE•added 2019/03/07 7:0 p.m.•34 views

CVE-2019-3776

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with mali...

7.2CVSS5.8AI score0.00192EPSS

CVE•added 2016/09/18 2:59 a.m.•29 views

CVE-2016-0883

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

9.8CVSS9.5AI score0.00156EPSS

CVE•added 2018/11/02 10:29 p.m.•26 views

CVE-2018-15762

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client wi...

9CVSS8.7AI score0.00222EPSS

CVE•added 2016/09/18 2:59 a.m.•25 views

CVE-2016-0897

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.

9.8CVSS9.4AI score0.00478EPSS