CVE-2018-11061

Published: 24/08/2018 | Updated: 09/10/2019
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

RSA NetWitness Platform versions before 11.1.0.2 and RSA Security Analytics versions before 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

Affected Products

Vendor | Product | Versions
Emc | Rsa Netwitness | 9.8.5.17, 9.8.5.19
Emc | Rsa Security Analytics | 10.0, 10.1, 10.2, 10.2.3, 10.2.4, 10.3, 10.3.1, 10.3.2

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability
Dell EMC Identifier: DSA-2018-132
CVE Identifier: CVE-2018-11061
Severity Rating: CVSS v3 Base Score: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Severity: Critical
Affected Products: RSA NetWitness Platform ver ...