Lucene search

[email protected]NVD:CVE-2018-1182

HistoryMar 08, 2018 - 3:29 p.m.

CVE-2018-1182

2018-03-0815:29:00

CWE-269

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.9%

JSON

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.

Affected configurations

Nvd

Node

emcrsa_identity_governance_and_lifecycleMatch7.0.1

emcrsa_identity_governance_and_lifecycleMatch7.0.2

emcrsa_identity_management_and_governanceMatch6.9.0

emcrsa_identity_management_and_governanceMatch6.9.1

rsarsa_via_lifecycle_and_governanceMatch7.0

VendorProductVersionCPE
emcrsa_identity_governance_and_lifecycle7.0.1cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
emcrsa_identity_governance_and_lifecycle7.0.2cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*
emcrsa_identity_management_and_governance6.9.0cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:*:*:*:*:*:*:*
emcrsa_identity_management_and_governance6.9.1cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*
rsarsa_via_lifecycle_and_governance7.0cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	rsa_identity_governance_and_lifecycle	7.0.1	cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:::::::*
emc	rsa_identity_governance_and_lifecycle	7.0.2	cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:::::::*
emc	rsa_identity_management_and_governance	6.9.0	cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:::::::*
emc	rsa_identity_management_and_governance	6.9.1	cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:::::::*
rsa	rsa_via_lifecycle_and_governance	7.0	cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:::::::*

References

seclists.org/fulldisclosure/2018/Mar/16

www.securityfocus.com/bid/103317

www.securitytracker.com/id/1040458

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.9%

JSON

Related for NVD:CVE-2018-1182

cve1 prion1 cvelist1