CVE-2018-15762
CVE-2018-15762 is a vulnerability of currently unknown severity. Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman. EPSS estimates a 1.08% chance of exploitation in the next 30 days.
Description
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Operations Manager | >= 2.0.0, < 2.0.24 |
| Pivotal Software | Operations Manager | >= 2.1.0, < 2.1.15 |
| Pivotal Software | Operations Manager | >= 2.2.0, < 2.2.7 |
| Pivotal Software | Operations Manager | >= 2.3.0, < 2.3.1 |
References
- https://pivotal.io/security/cve-2018-15762 (Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
