RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRsa Netwitness
APPRsa< 11.2.1.1Rsa Security Analytics
APPRsa< 10.6.6.1
Related vulnerabilities
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local an...
RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A r...
RSA Authentication Agent – podatność path interception (unquoted service path)
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS f...
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerab...