Main Vulnerability Database Vulnerabilities #VU13865

#VU13865 Command injection in RSA Identity Governance and Lifecycle - CVE-2018-1245

Published: July 13, 2018

Vulnerability identifier: #VU13865

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1245

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
RSA Identity Governance and Lifecycle

Software vendor:
RSA

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can bypass Java Security Policies to inject and execute arbitrary system commands on the target system with the privileges of the target application.

Remediation

Update to version 7.0.2 P07, 7.1.0 P01.

External links

http://seclists.org/fulldisclosure/2018/Jul/46

#VU13865 Command injection in RSA Identity Governance and Lifecycle - CVE-2018-1245

Description

Remediation

External links

Please verify you're human