CVE-2018-11049 — Uncontrolled Search Path Element in RSA Identity Governance AND Lifecycle

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 84.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Operations Manager EMC RSA Identity Governance AND Lifecycle EMC RSA Identity Management AND Governance +1 more

Timeline

PublishedJul 11

Latest updateMay 13

Description

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages4 packages

▶NVDemc/rsa_identity_governance_and_lifecycle7.1.0

▶NVDrsa/rsa_via_lifecycle_and_governance7.0

▶NVDemc/rsa_identity_management_and_governance6.9.0, 6.9.1+1

▶CVEListV5pivotal/pivotal_operations_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-pw48-2qx8-7cxx: RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability↗2022-05-13

▶

CVEList

RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability↗2018-07-11

▶