← Back

CVE-2018-11049

nvd nist
Published: Jul 11, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.3
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 / Impact: 5.9
Source: NVD

Description

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

Affected (4)

Emc
2 products
Rsa Identity Governance And Lifecycle
Rsa Identity Management And Governance
Rsa
1 product
Rsa Via Lifecycle And Governance
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Rsa Identity Governance And Lifecycle
Version 7.1.0
Emc
Rsa Identity Management And Governance
Version 6.9.0
Rsa Identity Management And Governance
Version 6.9.1
Rsa Via Lifecycle And Governance
Version 7.0

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

Source: security_alert@emc.com
Mailing ListThird Party Advisory
Source: security_alert@emc.com
Third Party AdvisoryVDB Entry
Source: security_alert@emc.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.