CVE-2018-11049
Published 2018-07-11
Priority P4 32, high, 7.3 (CVSS 3.0)
AV:L / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.45% (35.5th percentile)
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user into running malicious code on the targeted system.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | rsa_identity_governance_and_lifecycle | — | — |
| emc | rsa_identity_management_and_governance | — | — |
| emc | rsa_identity_management_and_governance | — | — |
| pivotal | pivotal_operations_manager | — | — |
| pivotal | pivotal_operations_manager | — | — |
| pivotal | pivotal_operations_manager | — | — |
| pivotal | pivotal_operations_manager | — | — |
| rsa | rsa_via_lifecycle_and_governance | — | — |
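CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |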
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.