Unrated severityNVD Advisory· Published Aug 24, 2018· Updated Sep 17, 2024

CVE-2018-11061

Description

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

Affected products

Dell Emc/Rsa Netwitnessv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2018/Aug/32mitremailing-listx_refsource_FULLDISC
www.securityfocus.com/bid/105134mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1041541mitrevdb-entryx_refsource_SECTRACK
www.securitytracker.com/id/1041542mitrevdb-entryx_refsource_SECTRACK

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000