// For flags

CVE-2018-11045

 

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.

Pivotal Operations Manager, en versiones 2.1 anteriores a la 2.1.6 y 2.0 anteriores a la 2.0.15 y 1.12 anteriores a la 1.12.22, contiene un archivo Linux Random Number Generator (LRNG) seed embebido en la imagen de aplicación. Un atacante con conocimiento de la versión exacta e IaaS de un OpsManager en ejecución podría obtener el contenido del seed correspondiente de la imagen publicada y, por lo tanto, inferir el estado inicial del LRNG.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-05-14 CVE Reserved
  • 2018-07-11 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-330: Use of Insufficiently Random Values
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://pivotal.io/security/cve-2018-11045 2018-09-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pivotal Software
Search vendor "Pivotal Software"
 Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
 >= 1.12 < 1.12.22
Search vendor "Pivotal Software" for product "Operations Manager" and version " >= 1.12 < 1.12.22"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
 Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
 > 2.0 < 2.0.15
Search vendor "Pivotal Software" for product "Operations Manager" and version " > 2.0 < 2.0.15"
-
Affected
Pivotal Software
Search vendor "Pivotal Software"
 Operations Manager
Search vendor "Pivotal Software" for product "Operations Manager"
 >= 2.1.0 < 2.1.6
Search vendor "Pivotal Software" for product "Operations Manager" and version " >= 2.1.0 < 2.1.6"
-
Affected