Lucene search

DellCVELIST:CVE-2018-11051

HistoryJun 28, 2018 - 12:00 a.m.

CVE-2018-11051 RSA Certificate Manager Path Traversal Vulnerability

2018-06-2800:00:00

dell

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

54.6%

JSON

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

CNA Affected

[
  {
    "product": "Certificate Manager Path Traversal Vulnerability",
    "vendor": "RSA",
    "versions": [
      {
        "status": "affected",
        "version": "6.9 build 560 through 6.9 build 564"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2018/Jul/11

www.securityfocus.com/bid/104674

www.securitytracker.com/id/1041211

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for CVELIST:CVE-2018-11051