PT-2018-17856 · Vmware · Vrealize Operations

Published: 2018-12-18 · Updated: 2019-10-03 · CVE-2018-6978

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

vRealize Operations versions 7.x before 7.0.0.11287810
vRealize Operations versions 6.7.x before 6.7.0.11286837
vRealize Operations versions 6.6.x before 6.6.1.11286876

Description

The issue is due to improper permissions of support scripts, allowing a local privilege escalation. An admin user of the vROps application with shell access may exploit this to elevate privileges to root on a vROps machine. It is important to note that the admin user in this context is a non-sudoer and should not be confused with the root user of the vROps machine.

Recommendations

For versions 7.x before 7.0.0.11287810, update to version 7.0.0.11287810 or later.
For versions 6.7.x before 6.7.0.11286837, update to version 6.7.0.11286837 or later.
For versions 6.6.x before 6.6.1.11286876, update to version 6.6.1.11286876 or later.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2018-6978

Affected Products

Vrealize Operations