PT-2018-13188 · Pivotal · Pivotal Operations Manager
Publicado
2018-11-02
·
Atualizado
2019-10-09
·
CVE-2018-15762
CVSS v3.1
9.0
Crítica
| Vetor | AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pivotal Operations Manager versions 2.0.x through 2.0.23
Pivotal Operations Manager versions 2.1.x through 2.1.14
Pivotal Operations Manager versions 2.2.x through 2.2.6
Pivotal Operations Manager versions 2.3.x through 2.3.0
Description
The issue allows all users to be granted a scope that enables privilege escalation. A remote malicious user who has been authenticated can create a new client with administrator privileges for Opsman.
Recommendations
For versions 2.0.x through 2.0.23, update to version 2.0.24 or later.
For versions 2.1.x through 2.1.14, update to version 2.1.15 or later.
For versions 2.2.x through 2.2.6, update to version 2.2.7 or later.
For versions 2.3.x through 2.3.0, update to version 2.3.1 or later.
Correção
Improper Privilege Management
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pivotal Operations Manager