CVE-2018-6978

MEDIUM

Vmware Vrealize Operations - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0031.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106242

Scores

CVSS v3 6.7
EPSS 0.0002
EPSS Percentile 5.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
vmware/vrealize_operations 6.6.0 - 6.6.1.11286876
Published Dec 18, 2018
Tracked Since Feb 18, 2026