CVE-2018-11061

Published: 24/08/2018 Updated: 09/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

RSA NetWitness Platform versions before 11.1.0.2 and RSA Security Analytics versions before 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc rsa security analytics
emc rsa netwitness

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability Dell EMC Identifier: DSA-2018-132 CVE Identifier: CVE-2018-11061 Severity Rating: CVSS v3 Base Score: 91 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Severity: Critical Affected Products: RSA NetWitness Platform ver ...

NVD-CWE-noinfo http://seclists.org/fulldisclosure/2018/Aug/32 http://www.securitytracker.com/id/1041542 http://www.securitytracker.com/id/1041541 http://www.securityfocus.com/bid/105134 https://nvd.nist.gov http://seclists.org/fulldisclosure/2018/Aug/32

CVE-2018-11061

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect