CVE-2018-11061
CRITICALRSA NetWitness Platform <11.1.0.2 & RSA Security Analytics <10.6.6 ...
Title source: llmDescription
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041542
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Aug/32
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105134
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041541
Scores
CVSS v3
9.1
EPSS
0.0103
EPSS Percentile
77.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
Status
published
Products (2)
emc/rsa_netwitness
< 11.1.0.2
emc/rsa_security_analytics
< 10.6.6
Published
Aug 24, 2018
Tracked Since
Feb 18, 2026