CVE-2018-11049 — HIGH (7.3)

Vulnerability Description

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

CVSS Score

7.3

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emc	Rsa Identity Governance And Lifecycle	7.1.0
Emc	Rsa Identity Management And Governance	6.9.0
Rsa	Rsa Via Lifecycle And Governance	7.0

Related Weaknesses (CWE)

CWE-427

References

http://seclists.org/fulldisclosure/2018/Jul/23Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/104722Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041228Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Jul/23Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/104722Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041228Third Party AdvisoryVDB Entry

FAQ

What is CVE-2018-11049?

CVE-2018-11049 is a vulnerability with a CVSS score of 7.3 (HIGH). RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unin...

How severe is CVE-2018-11049?

CVE-2018-11049 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-11049?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Identity Governance And Lifecycle, Emc Rsa Identity Management And Governance, Rsa Rsa Via Lifecycle And Governance.