CVE-2016-0897 Ops Manager vSphere and vCloud vulnerability


Severity

High

Vendor

Pivotal

Versions Affected

  • vSphere and vCloud deployments of Pivotal Ops Manager, all versions prior to 1.6.17 AND 1.7.x versions prior to 1.7.8

Description

Under some circumstances, PCF deployments do not properly configure operator-level access via SSH authentication.

Mitigation

Pivotal Ops Manager users on vSphere or vCloud deployments should follow the appropriate mitigation below:

  • Upgrade Ops Manager versions 1.6.x and lower to 1.6.17
  • Upgrade Ops Manager 1.7.x versions to 1.7.8