CVE-2018-11049

EPSS 0.05%
Veröffentlicht 11.07.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:42:33
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Rsa Identity Governance And Lifecycle Version7.1.0

Emc ≫ Rsa Identity Management And Governance Version6.9.0

Emc ≫ Rsa Identity Management And Governance Version6.9.1

Rsa ≫ Rsa Via Lifecycle And Governance Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.153

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://seclists.org/fulldisclosure/2018/Jul/23

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/104722

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1041228

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-11049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11049

EUVD