CVE-2018-11051: RSA Certificate Manager Path Traversal Vulnerability
First published: Thu Jun 28 2018(Updated: )
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC RSA Certificate Manager | <=6.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11051?
The severity of CVE-2018-11051 is high with a severity value of 7.5.
What is the vulnerability in RSA Certificate Manager Versions 6.9?
The vulnerability in RSA Certificate Manager Versions 6.9 is a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server.
How can an attacker exploit CVE-2018-11051?
A remote unauthenticated attacker can exploit CVE-2018-11051 by manipulating input parameters of the application.
Which software versions are affected by CVE-2018-11051?
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 are affected by CVE-2018-11051.
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-11051?
The Common Weakness Enumeration (CWE) ID for CVE-2018-11051 is 22.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/emc
- canonical/emc rsa certificate manager
- version/emc rsa certificate manager/6.9