CVE-2018-11065
Last modified
CVE-2018-11065 is a vulnerability of currently unknown severity. The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. EPSS estimates a 1.29% chance of exploitation in the next 30 days.
Description
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Archer | >= 6.1.0.0, < 6.1.0.3 |
| Rsa | Archer | >= 6.2.0.0, < 6.2.0.10 |
| Rsa | Archer | >= 6.3.0.0, < 6.3.0.7 |
| Rsa | Archer | >= 6.4.0.0, < 6.4.0.1 |
References
- http://seclists.org/fulldisclosure/2018/Aug/31Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/105128Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041540Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2018/Aug/31Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/105128Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041540Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11065?
How severe is CVE-2018-11065?
How do I fix CVE-2018-11065?
Are you affected by CVE-2018-11065?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST