{"api_version":"1","generated_at":"2026-04-29T09:52:37+00:00","cve":"CVE-2018-11046","urls":{"html":"https://cve.report/CVE-2018-11046","api":"https://cve.report/api/cve/CVE-2018-11046.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-11046","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-11046"},"summary":{"title":"CVE-2018-11046","description":"Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2018-06-25 15:29:00","updated_at":"2018-08-30 13:08:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://pivotal.io/security/cve-2018-11046","name":"https://pivotal.io/security/cve-2018-11046","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"CVE-2018-11046: Operations Manager includes outdated NGINX packages | Security | Pivotal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104545","name":"104545","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Pivotal Operations Manager CVE-2018-11046 Security Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-11046","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11046","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"11046","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pivotal_software","cpe5":"operations_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11046","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pivotal_software","cpe5":"operations_manager","cpe6":"2.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11046","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pivotal_software","cpe5":"operations_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11046","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pivotal_software","cpe5":"operations_manager","cpe6":"2.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","DATE_PUBLIC":"2018-06-20T04:00:00.000Z","ID":"CVE-2018-11046","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Operations Manager","version":{"version_data":[{"affected":"<","version_name":"2.1.x","version_value":"2.1.6"},{"affected":"=","version_value":"2.0.14"}]}}]},"vendor_name":"Pivotal"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unpatched vulnerabilities "}]}]},"references":{"reference_data":[{"name":"104545","refsource":"BID","url":"http://www.securityfocus.com/bid/104545"},{"name":"https://pivotal.io/security/cve-2018-11046","refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2018-11046"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2018-06-25 15:29:00","lastModifiedDate":"2018-08-30 13:08:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pivotal_software:operations_manager:2.0.14:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pivotal_software:operations_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.1.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"11046","Ordinal":"127505","Title":"CVE-2018-11046","CVE":"CVE-2018-11046","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"11046","Ordinal":"1","NoteData":"Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager","Type":"Description","Title":null},{"CveYear":"2018","CveId":"11046","Ordinal":"2","NoteData":"2018-06-25","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"11046","Ordinal":"3","NoteData":"2018-06-26","Type":"Other","Title":"Modified"}]}}}