1. Home
  2. CVE Database
  3. CVE-2018-6978
MEDIUM · 6.7

CVE-2018-6978

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support ...

Vulnerability Description

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

CVSS Score

6.7

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
VmwareVrealize Operations>= 6.6.0, < 6.6.1.11286876

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2018-6978?

CVE-2018-6978 is a vulnerability with a CVSS score of 6.7 (MEDIUM). vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support ...

How severe is CVE-2018-6978?

CVE-2018-6978 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6978?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vrealize Operations.