Vulnerability in Emc Rsa_identity_governance_and_lifecycle
CVE-2018-11049
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated ma…
EPSS: 0.004 (35.5th percentile)
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Emc Rsa_identity_governance_and_lifecycle — versions 7.1.0
- Emc Rsa_identity_management_and_governance — versions 6.9.0, 6.9.1
- Pivotal Operations Manager — versions:
  - RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
  - RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
  - RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)
- Rsa Rsa_via_lifecycle_and_governance — versions 7.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2018-11049?
  CVE-2018-11049 is a high-severity vulnerability in Emc Rsa_identity_governance_and_lifecycle, classified under Uncontrolled Search Path Element. CVSS score: 7.3/10. Published 2018-07-11.
- How severe is CVE-2018-11049?
  High severity. CVSS v3 base score is 7.3 out of 10.