PT-2018-10275 · RSA · RSA Security Analytics +1
Published: 2018-08-24 · Updated: 2019-10-09 · CVE-2018-11061
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RSA NetWitness Platform versions prior to 11.1.0.2
RSA Security Analytics versions prior to 10.6.6
Description
The issue is related to a server-side template injection vulnerability caused by the insecure configuration of the template engine. A remote authenticated malicious user with an Admin or Operator role could exploit this to execute arbitrary commands on the server with root privileges.
Recommendations
For RSA NetWitness Platform versions prior to 11.1.0.2, update to version 11.1.0.2 or later to resolve the issue.
For RSA Security Analytics versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.
Fix
Related identifiers
Affected products
RSA NetWitness Platform
RSA Security Analytics