CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2019-3725 – Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2019-3725
15 May 2019 — RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server. Las versiones de RSA Netwitness Platform anteriores a la versión 11.2.1.1 y las de RSA Security Analytics anteriores a 10.6.6.1 son vulnerables a la Inyección de comandos debido a la falta ... • http://www.securityfocus.com/bid/108355 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-3724 – Authorization Bypass VulnerabilityRSA Netwitness Platform
https://notcve.org/view.php?id=CVE-2019-3724
15 May 2019 — RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials. En RSA Netwitness Platform versiones anteriores a 11.2.1.1, esta expuesta a una vulnerabilidad de omisión de autorización. Un atacante remoto con bajos privilegios podría explotar esta vulnerabilidad para conseguir acceso a la información administrativa, incl... • https://packetstorm.news/files/id/152943 •