CVE-2018-11081

Name of the Vulnerable Software and Affected Versions Pivotal Operations Manager versions 1.11.x prior to 2 Pivotal Operations Manager versions 2.0.x prior to 2.0.16 Pivotal Operations Manager versions 2.1.x prior to 2.1.11 Pivotal Operations Manager versions 2.2.x prior to 2.2.1

Description The issue arises from the failure to write the Operations Manager UAA config onto the temp RAM disk, resulting in the exposure of configs directly onto disk. A remote user with access to the Operations Manager VM can search for and find the UAA credentials for Operations Manager on the system disk.

Recommendations For versions 1.11.x prior to 2, update to version 2 or later to resolve the issue. For versions 2.0.x prior to 2.0.16, update to version 2.0.16 or later to resolve the issue. For versions 2.1.x prior to 2.1.11, update to version 2.1.11 or later to resolve the issue. For versions 2.2.x prior to 2.2.1, update to version 2.2.1 or later to resolve the issue.