PT-2018-10265 · Pivotal · Pivotal Operations Manager

Published: 2018-07-11 · Updated: 2018-09-14 · CVE-2018-11045

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pivotal Operations Manager versions 2.1 prior to 2.1.6
Pivotal Operations Manager versions 2.0 prior to 2.0.15
Pivotal Operations Manager versions 1.12 prior to 1.12.22

Description

The issue concerns a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could infer the initial state of the LRNG by obtaining the contents of the corresponding seed from the published image.

Recommendations

For versions 2.1 prior to 2.1.6, update to version 2.1.6 or later.
For versions 2.0 prior to 2.0.15, update to version 2.0.15 or later.
For versions 1.12 prior to 1.12.22, update to version 1.12.22 or later.

Fix

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

CVE-2018-11045

Affected Products

Pivotal Operations Manager