Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, and instead leaves the configs exposed directly on disk. A remote user who has gained access to the Operations Manager VM can then search the file system and find the UAA credentials for Operations Manager on the system disk.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| pivotal_software | operations_manager | 1.11.0 - 1.12.25 | - |
| pivotal_software | operations_manager | 2.0.0 - 2.0.16 | - |
| pivotal_software | operations_manager | 2.1.0 - 2.1.11 | - |
| pivotal_software | operations_manager | 2.2.0 - 2.2.1 | - |

CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Affected Products: 4
References: 2