PT-2018-10269 · Rsa · Rsa Identity Governance/Lifecycle+2
Published
2018-07-11
·
Updated
2021-08-06
·
CVE-2018-11049
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle (affected versions not specified)
RSA Via Lifecycle and Governance (affected versions not specified)
RSA IMG (affected versions not specified)
Description
The issue is related to an uncontrolled search vulnerability in the installation scripts of the affected products. These scripts set an environment variable in an unintended manner, which could be exploited by a local authenticated malicious user. The user could trick the root user into running malicious code on the targeted system.
Recommendations
For RSA Identity Governance and Lifecycle, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For RSA Via Lifecycle and Governance, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For RSA IMG, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Img
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance