Unrated severityNVD Advisory· Published Jul 11, 2018· Updated Sep 17, 2024

RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability

CVE-2018-11049

Description

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

Affected products

Pivotal/Operations Managerv5
Range: RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and Virtual Application deployments only)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2018/Jul/23mitremailing-listx_refsource_FULLDISC
www.securityfocus.com/bid/104722mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1041228mitrevdb-entryx_refsource_SECTRACK

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000