CVE-2018-11049

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Jul/23 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1041228 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/104722 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*

Information

Published : 2018-07-11 13:29

Updated : 2021-08-06 06:12


NVD link : CVE-2018-11049

Mitre link : CVE-2018-11049


JSON object : View

CWE
CWE-427

Uncontrolled Search Path Element

Advertisement

dedicated server usa

Products Affected

emc

  • rsa_identity_management_and_governance
  • rsa_identity_governance_and_lifecycle

rsa

  • rsa_via_lifecycle_and_governance