Lucene search

DellCVE-2018-1182

HistoryMar 08, 2018 - 3:29 p.m.

CVE-2018-1182

2018-03-0815:29:00

CWE-269

dell

web.nvd.nist.gov

cve-2018-1182

emc

rsa

identity governance

lifecycle

via lifecycle

governance

os level users

arbitrary scripts

root level privileges

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.

Affected configurations

Nvd

Vulners

Node

emcrsa_identity_governance_and_lifecycleMatch7.0.1

emcrsa_identity_governance_and_lifecycleMatch7.0.2

emcrsa_identity_management_and_governanceMatch6.9.0

emcrsa_identity_management_and_governanceMatch6.9.1

rsarsa_via_lifecycle_and_governanceMatch7.0

VendorProductVersionCPE
emcrsa_identity_governance_and_lifecycle7.0.1cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
emcrsa_identity_governance_and_lifecycle7.0.2cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*
emcrsa_identity_management_and_governance6.9.0cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:*:*:*:*:*:*:*
emcrsa_identity_management_and_governance6.9.1cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*
rsarsa_via_lifecycle_and_governance7.0cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	rsa_identity_governance_and_lifecycle	7.0.1	cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:::::::*
emc	rsa_identity_governance_and_lifecycle	7.0.2	cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:::::::*
emc	rsa_identity_management_and_governance	6.9.0	cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:::::::*
emc	rsa_identity_management_and_governance	6.9.1	cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:::::::*
rsa	rsa_via_lifecycle_and_governance	7.0	cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:::::::*

CNA Affected

[
  {
    "product": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only)"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2018/Mar/16

www.securityfocus.com/bid/103317

www.securitytracker.com/id/1040458

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

Related for CVE-2018-1182