CVE-2019-3725
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RSA | RSA Netwitness Platform | unspecified <= 11.2.1.1 | affected |
| RSA | RSA Security Analytics | RSA Security Analytics <= 10.6.6.1 | affected |
Weaknesses
- Command Injection vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.