Description
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040458
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103317
Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2018/Mar/16
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (5)
emc/rsa_identity_governance_and_lifecycle
7.0.1
emc/rsa_identity_governance_and_lifecycle
7.0.2
emc/rsa_identity_management_and_governance
6.9.0
emc/rsa_identity_management_and_governance
6.9.1
rsa/rsa_via_lifecycle_and_governance
7.0
Published
Mar 08, 2018
Tracked Since
Feb 18, 2026