Vulnerability Description
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Web Threat Detection | < 6.4 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Jun/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104396Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041026Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jun/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104396Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041026Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-1252?
CVE-2018-1252 is a vulnerability with a CVSS score of 8.8 (HIGH). RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could poten...
How severe is CVE-2018-1252?
CVE-2018-1252 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1252?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Web Threat Detection.