CVE-2018-1182

EUVD-2018-11820

08.03.2018, 15:29

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Affected Products (NVD)

Vendor	Product	Version
emc	rsa_identity_governance_and_lifecycle	7.0.1
emc	rsa_identity_governance_and_lifecycle	7.0.2
emc	rsa_identity_management_and_governance	6.9.0
emc	rsa_identity_management_and_governance	6.9.1
rsa	rsa_via_lifecycle_and_governance	7.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

http://seclists.org/fulldisclosure/2018/Mar/16

http://www.securityfocus.com/bid/103317

http://www.securitytracker.com/id/1040458

http://seclists.org/fulldisclosure/2018/Mar/16

http://www.securityfocus.com/bid/103317

http://www.securitytracker.com/id/1040458