CVE-2018-11045

EUVD-2018-3090
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
pivotal_softwareoperations_manager
1.12 ≤
𝑥
< 1.12.22
pivotal_softwareoperations_manager
2.0 <
𝑥
< 2.0.15
pivotal_softwareoperations_manager
2.1.0 ≤
𝑥
< 2.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pivotal.io/security/cve-2018-11045
https://pivotal.io/security/cve-2018-11045