Critical severity9.1NVD Advisory· Published Aug 24, 2018· Updated Jun 17, 2026
CVE-2018-11061
CVE-2018-11061
Description
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
Affected products
3- Range: <10.6.6
- Range: <11.1.0.2
- Range: unspecified
Patches
Vulnerability mechanics
References
4- seclists.org/fulldisclosure/2018/Aug/32nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/105134nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041541nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041542nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.