CVE-2018-11049
RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability
Severity Score
7.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance y RSA IMG tienen una vulnerabilidad de búsqueda no controlada. Los scripts de instalación establecen una variable de entorno de forma no planeada. Un usuario malicioso local autenticado podría engañar al usuario root para que ejecute código malicioso en el sistema objetivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-14 CVE Reserved
- 2018-07-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Jul/23 | Mailing List |
|
| http://www.securityfocus.com/bid/104722 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041228 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Identity Governance And Lifecycle Search vendor "Emc" for product "Rsa Identity Governance And Lifecycle" | 7.1.0 Search vendor "Emc" for product "Rsa Identity Governance And Lifecycle" and version "7.1.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Identity Management And Governance Search vendor "Emc" for product "Rsa Identity Management And Governance" | 6.9.0 Search vendor "Emc" for product "Rsa Identity Management And Governance" and version "6.9.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Identity Management And Governance Search vendor "Emc" for product "Rsa Identity Management And Governance" | 6.9.1 Search vendor "Emc" for product "Rsa Identity Management And Governance" and version "6.9.1" | - |
Affected
| ||||||
| Rsa Search vendor "Rsa" | Rsa Via Lifecycle And Governance Search vendor "Rsa" for product "Rsa Via Lifecycle And Governance" | 7.0 Search vendor "Rsa" for product "Rsa Via Lifecycle And Governance" and version "7.0" | - |
Affected
| ||||||