CVE-2018-11049
published 2018-07-11

Priority P432 | high | 7.3 | CVSS 3.0
AV:L / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.45% (35.5th percentile)
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
emc | rsa_identity_governance_and_lifecycle | |
emc | rsa_identity_management_and_governance | |
emc | rsa_identity_management_and_governance | |
pivotal | pivotal_operations_manager | |
pivotal | pivotal_operations_manager | |
pivotal | pivotal_operations_manager | |
pivotal | pivotal_operations_manager | |
rsa | rsa_via_lifecycle_and_governance | |

CVSS provenance

nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C