PT-2018-10270 · Rsa · Emc Rsa Certificate Manager+2

Published: 2018-07-03 · Updated: 2019-10-09 · CVE-2018-11051

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: RSA Certificate Manager versions 6.9 build 560 through 6.9 build 564

Description: The issue allows a remote unauthenticated attacker to potentially gain unauthorized read access to files stored on the server filesystem by manipulating input parameters of the application. This is due to a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server.

Recommendations: For RSA Certificate Manager versions 6.9 build 560 through 6.9 build 564, consider restricting access to the RSA CMP Enroll Server and the RSA REST Enroll Server until a patch is available. As a temporary workaround, limit the privileges of the running web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2018-11051

Affected Products

Rsa Cmp Enroll Server
Emc Rsa Certificate Manager
Rsa Rest Enroll Server