CVE-2018-15762

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9 CRITICAL | ADJACENT_NETWORK | LOW | LOW | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| dell | CNA | 9 CRITICAL | ADJACENT_NETWORK | LOW | LOW | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVE | ADP | --- | --- | | | |

EPSS Score percentile: 44%

| Vendor | Product | Version |
|---|---|---|
| pivotal_software | operations_manager | 2.0.0 ≤ 𝑥 < 2.0.24 |
| pivotal_software | operations_manager | 2.1.0 ≤ 𝑥 < 2.1.15 |
| pivotal_software | operations_manager | 2.2.0 ≤ 𝑥 < 2.2.7 |
| pivotal_software | operations_manager | 2.3.0 ≤ 𝑥 < 2.3.1 |

𝑥 = Vulnerable software versions