PT-2018-10269 · Rsa · Rsa Identity Governance/Lifecycle+2
Publicado
2018-07-11
·
Atualizado
2021-08-06
·
CVE-2018-11049
CVSS v3.1
7.3
Alta
| Vetor | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle (affected versions not specified)
RSA Via Lifecycle and Governance (affected versions not specified)
RSA IMG (affected versions not specified)
Description
The issue is related to an uncontrolled search vulnerability in the installation scripts of the affected products. These scripts set an environment variable in an unintended manner, which could be exploited by a local authenticated malicious user. The user could trick the root user into running malicious code on the targeted system.
Recommendations
For RSA Identity Governance and Lifecycle, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For RSA Via Lifecycle and Governance, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For RSA IMG, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Uncontrolled Search Path Element
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rsa Img
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance