Vulnerability Description
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Certificate Manager | <= 6.9 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Jul/11Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104674Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041211Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jul/11Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104674Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041211Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-11051?
CVE-2018-11051 is a vulnerability with a CVSS score of 7.5 (HIGH). RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attack...
How severe is CVE-2018-11051?
CVE-2018-11051 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11051?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Rsa Certificate Manager.