CVE-2018-11061

2018-08-24T15:29:00
ID CVE-2018-11061
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:33:00

Description

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.