CVE-2018-11049
Last modified
CVE-2018-11049 is a vulnerability of currently unknown severity. RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Emc | Rsa Identity Governance And Lifecycle | 7.1.0 |
| Emc | Rsa Identity Management And Governance | 6.9.0 |
| Emc | Rsa Identity Management And Governance | 6.9.1 |
| Rsa | Rsa Via Lifecycle And Governance | 7.0 |
References
- http://seclists.org/fulldisclosure/2018/Jul/23Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/104722Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041228Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2018/Jul/23Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/104722Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041228Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11049?
How severe is CVE-2018-11049?
How do I fix CVE-2018-11049?
Are you affected by CVE-2018-11049?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST