CVE-2018-1252

Name of the Vulnerable Software and Affected Versions RSA Web Threat Detection versions prior to 6.4

Description The issue allows an authenticated malicious user with low privileges to potentially execute SQL commands on the back-end database by supplying specially crafted input data to the affected Administration and Forensics applications. This could lead to unauthorized access to the tool's monitoring and user information.

Recommendations For RSA Web Threat Detection versions prior to 6.4, update to version 6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Administration and Forensics applications to minimize the risk of exploitation.