cvedb.io
CVE-2018-11081
HIGH · CVSS 7.9
EPSS exploitation probability: 0%
Published 2018-10-05T21:29:00.513 · Last modified 2026-06-17T01:35:14.083

Summary

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

Affected products

pivotal_software — operations_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when pivotal_software ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.