Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| pivotal_software | operations_manager | 2.0.0 - 2.0.24 | - |
| pivotal_software | operations_manager | 2.1.0 - 2.1.15 | - |
| pivotal_software | operations_manager | 2.2.0 - 2.2.7 | - |
| pivotal_software | operations_manager | 2.3.0 - 2.3.1 | - |

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H