Published: 24/08/2018 Updated: 09/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

RSA NetWitness Platform versions before 11.1.0.2 and RSA Security Analytics versions before 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc rsa security analytics
emc rsa netwitness

Full Disclosure mailing list archives   By Date By Thread </form>    DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability  <!--X-H ...

NVD-CWE-noinfo http://seclists.org/fulldisclosure/2018/Aug/32 http://www.securitytracker.com/id/1041542 http://www.securitytracker.com/id/1041541 http://www.securityfocus.com/bid/105134 https://nvd.nist.gov http://seclists.org/fulldisclosure/2018/Aug/42

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-11061

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect