PT-2019-5816 · Rsa · Rsa Netwitness Platform+1

Published

2019-05-09

Updated

2020-08-24

CVE-2019-3725

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RSA Netwitness Platform versions prior to 11.2.1.1 RSA Security Analytics versions prior to 10.6.6.1

Description The issue exists due to inadequate measures to neutralize special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands on the server. The vulnerability is a result of missing input validation in the product, which can be exploited by a remote unauthenticated malicious user.

Recommendations For RSA Netwitness Platform versions prior to 11.2.1.1, update to version 11.2.1.1 or later to resolve the issue. For RSA Security Analytics versions prior to 10.6.6.1, update to version 10.6.6.1 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2021-03039

CVE-2019-3725

Affected Products

Rsa Netwitness Platform

Rsa Security Analytics

PT-2019-5816 · Rsa · Rsa Netwitness Platform+1

CVE-2019-3725

Weakness Enumeration

Related Identifiers

Affected Products

References · 5