- Added submission from VMware for VMSA-2018-0031 from 2018-12-18.

2025-06-10 02:04:31 +00:00 · 2018-12-18 14:11:55 -05:00 · 2018-12-18 14:11:55 -05:00 · e5cdf6ddc1
commit e5cdf6ddc1
parent 23b23d567b
1 changed files with 45 additions and 3 deletions
--- a/2018/6xxx/CVE-2018-6978.json
+++ b/2018/6xxx/CVE-2018-6978.json
@ -1,8 +1,31 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@vmware.com",
      "ID" : "CVE-2018-6978",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "vRealize Operations",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876)"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "VMware"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +34,26 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Local privilege escalation vulnerability"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0031.html"
         }
      ]
   }