
CVE-2018-15762: Pivotal Operations Manager gives all users heightened privileges




Pivotal Cloud Foundry


Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope that allows privilege escalation. A remote, authenticated malicious user may create a new client with administrator privileges for Opsman.

Affected VMware Products and Versions

Severity is critical unless otherwise noted.

  • Pivotal Operations Manager
    • versions 2.0.x prior to 2.0.24
    • versions 2.1.x prior to 2.1.15
    • versions 2.2.x prior to 2.2.7
    • versions 2.3.x prior to 2.3.1


Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.0.24, 2.1.15, 2.2.7, 2.3.1
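
The following check sorts a list of deployments into affected and fixed groups using the version ranges above. It is an added example, not code from Pivotal; the `x.y.z-build.N` version string format, the deployment names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed release per affected branch, as listed in the advisory:
# (major, minor) -> first patch level that contains the fix.
FIXED_PATCH = {(2, 0): 24, (2, 1): 15, (2, 2): 7, (2, 3): 1}

# Assumption: versions look like "2.2.6" or "2.2.6-build.123".
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+]\S*)?\s*$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    match = _VERSION.match(version)
    if match is None:
        return "unparseable"
    major, minor, patch = (int(part) for part in match.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # The advisory makes no statement about this branch, so report
        # that rather than guessing either way.
        return "not-listed"
    return "affected" if patch < fixed else "fixed"


def triage(inventory):
    """Group deployment names by the classification of their version."""
    groups = {}
    for name, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(name)
    return groups


# Constructed sample inventory (hypothetical deployment names).
SAMPLE_INVENTORY = {
    "prod-east": "2.2.6-build.123",
    "prod-west": "2.2.7",
    "staging": "2.3.0",
    "sandbox": "2.3.1-build.4",
    "legacy": "1.12.9",
    "lab": "latest",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names)}")
```

Versions on branches the advisory does not list are reported as `not-listed` instead of being treated as safe, so they can be reviewed separately.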


2018-10-29: Initial vulnerability report published