RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
[
{
"product": "Pivotal Operations Manager",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "RSA(r) Identity Governance and Lifecycle version 7.1.0, all patch levels (Hardware Appliance, Software Bundle, and Virtual Application deployments only)"
},
{
"status": "affected",
"version": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)."
},
{
"status": "affected",
"version": "RSA Via Lifecycle and Governance version 7.0, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)"
},
{
"status": "affected",
"version": "RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (Hardware Appliance and Software Bundle (also known as Soft-Appliance) deployments only)"
}
]
}
]