Is CVE-2018-11061 actively exploited?

CVE-2018-11061 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-11061?

CVE-2018-11061 has a CVSS score of 9.1 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2018-11061?

Patch guidance is available from emc security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-11061.

Fix CVE-2018-11061 - CRITICAL emc rsa netwitness

Q: Which products are affected by CVE-2018-11061?

2 products: emc rsa netwitness, emc rsa security analytics.

Description

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: NVD-CWE-noinfo

Metadata

Primary Vendor: EMC
Published: 8/24/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2018-11061

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary