Vulnerability Details CVE-2018-11049
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.3%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 6.9
References
Products affected by CVE-2018-11049
-
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.1.0
-
cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0
-
cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1
-
cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0