CVE-2016-0930 Ops Manager Compilation VMs Vulnerability on vSphere and vCloud


Severity

Low

Vendor

Pivotal

Versions Affected
  • vSphere and vCloud deployments of Pivotal Operations Manager, versions prior to 1.6.19 and 1.7.x versions prior to 1.7.10
Description

Ops Manager compilation VMs exist for a short time during installation, but can be accessed via SSH using a default password for vSphere and vCloud deployments.

Mitigation

Pivotal Ops Manager users on vSphere or vCloud deployments should follow the appropriate mitigation below:

  • Upgrade Ops Manager to 1.6.x versions and below to 1.6.19 or later
  • Upgrade Ops Manager 1.7.x versions to 1.7.10 or later