cvedb.io
CVE-2018-6978
MEDIUM · CVSS 6.7
EPSS exploitation probability: 0%
Published 2018-12-18T20:29:00.213 · Last modified 2026-06-17T02:02:33.027

Summary

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

Affected products

vmware — vrealize_operations

Does this affect you?

Add your gear to cvedb and we'll alert you only when vmware ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.