PT-2018-10275 · RSA · RSA Security Analytics+1

Published: 2018-08-24 · Updated: 2019-10-09 · CVE-2018-11061

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RSA NetWitness Platform versions prior to 11.1.0.2
RSA Security Analytics versions prior to 10.6.6

Description

The issue is related to a server-side template injection vulnerability caused by the insecure configuration of the template engine. A remote authenticated malicious user with an Admin or Operator role could exploit this to execute arbitrary commands on the server with root privileges.

Recommendations

For RSA NetWitness Platform versions prior to 11.1.0.2, update to version 11.1.0.2 or later to resolve the issue.
For RSA Security Analytics versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.


Related Identifiers

CVE-2018-11061

Affected Products

RSA NetWitness Platform
RSA Security Analytics