Lior Yakim

**Name of the Vulnerable Software and Affected Versions** IBM Turbonomic prometurbo agent versions 8.16.0 through 8.17.6 **Description** IBM Turbonomic Application Resource Management grants excessive cluster-wide permissions, which include unrestricted read access to all secrets. An attacker who compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.