← Back

CVE-2018-6978

nvd nist
Published: Dec 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

Affected (3)

Vmware
1 product
Vrealize Operations
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Vmware
Vrealize Operations
From 6.6.0 to 6.6.1.11286876
Vrealize Operations
From 6.7.0 to 6.7.0.11286837
Vrealize Operations
From 7.0.0 to 7.0.0.11287810

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: security@vmware.com
Third Party AdvisoryVDB Entry
Source: security@vmware.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.