CVE-2019-3725

Summary

RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.

Affected Software

VendorProductVersion RangeStatus
RSARSA Netwitness Platformunspecified <= 11.2.1.1affected
RSARSA Security AnalyticsRSA Security Analytics <= 10.6.6.1affected

Weaknesses

  • Command Injection vulnerability

ADP Enrichment

CVE Program Container

Additional References

References