PT-2019-5816 · Rsa · Rsa Netwitness Platform+1

Publicado

2019-05-09

Atualizado

2020-08-24

CVE-2019-3725

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RSA Netwitness Platform versions prior to 11.2.1.1 RSA Security Analytics versions prior to 10.6.6.1

Description The issue exists due to inadequate measures to neutralize special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands on the server. The vulnerability is a result of missing input validation in the product, which can be exploited by a remote unauthenticated malicious user.

Recommendations For RSA Netwitness Platform versions prior to 11.2.1.1, update to version 11.2.1.1 or later to resolve the issue. For RSA Security Analytics versions prior to 10.6.6.1, update to version 10.6.6.1 or later to resolve the issue.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2021-03039

CVE-2019-3725

Produtos afetados

Rsa Netwitness Platform

Rsa Security Analytics

PT-2019-5816 · Rsa · Rsa Netwitness Platform+1

CVE-2019-3725

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5