RSS   Vulnerabilities for 'Operations manager'   RSS

2019-03-07
 
CVE-2019-3776

CWE-79
 

 
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

 
2018-11-02
 
CVE-2018-15762

CWE-264
 

 
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.

 
2018-10-05
 
CVE-2018-11081

CWE-255
 

 
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..

 
2018-06-25
 
CVE-2018-11046

CWE-20
 

 
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager

 
2016-09-17
 
CVE-2016-0897

 

 
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.

 
 
CVE-2016-0883

 

 
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

 

 >>> Vendor: Pivotal software 47 Products
Rabbitmq management
Rabbitmq
Spring framework
Redis
Cloud foundry
Cloud foundry elastic runtime
Cloud foundry ops manager
Cloud foundry uaa
Cloud foundry uaa bosh
Operations manager
Spring data jpa
Cloud foundry cf mysql
Greenplum
Gemfire for pivotal cloud foundry
Spring security
Cloud foundry elastic runtime cf release
Cloud foundry uaa release
Login-server
Cloud foundry cf release
Cloud foundry garden linux
Cloud foundry cf
Spring social
Single sign-on for pivotal cloud foundry
Grootfs
Spring advanced message queuing protocol
Cf-deployment
Spring-ldap
Cf-release
Uaa-release
Credhub-release
Spring data rest
Cloud foundry uaa-release
Spring boot
Spring batch admin
Mysql
Spring data commons
Spring cloud sso connector
Spring security oauth
Windows stemcells
Spring integration zip
Pivotal application service
Cloud foundry cf-deployment
Cloudfoundry uaa release
Cloudfoundry uaa
Spring batch
Spring integration
Spring web services


Copyright 2019, cxsecurity.com

 

Back to Top