CVE-2018-11045

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
pivotal_softwareoperations_manager
1.12 ≤
𝑥
< 1.12.22
pivotal_softwareoperations_manager
2.0 <
𝑥
< 2.0.15
pivotal_softwareoperations_manager
2.1.0 ≤
𝑥
< 2.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pivotal.io/security/cve-2018-11045
https://pivotal.io/security/cve-2018-11045