CVE-2018-11051 - Vulnerability Details - OpenCVE

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Rsa Certificate Manager

Configuration 1 [-]

cpe:2.3:a:emc:rsa_certificate_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2018/Jul/11
http://www.securityfocus.com/bid/104674
http://www.securitytracker.com/id/1041211

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-07-03T17:00:00Z

Updated: 2024-09-16T21:08:18.669Z

Reserved: 2018-05-14T00:00:00

Link: CVE-2018-11051

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-03T17:29:00.217

Modified: 2024-11-21T03:42:34.137

Link: CVE-2018-11051

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Certificate Manager Path Traversal Vulnerability", "vendor": "RSA", "versions": [{"status": "affected", "version": "6.9 build 560 through 6.9 build 564"}]}], "datePublic": "2018-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Authentication Bypass Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-09T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/Jul/11"}, {"name": "104674", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104674"}, {"name": "1041211", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041211"}], "source": {"discovery": "UNKNOWN"}, "title": "RSA Certificate Manager Path Traversal Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-06-28T04:00:00.000Z", "ID": "CVE-2018-11051", "STATE": "PUBLIC", "TITLE": "RSA Certificate Manager Path Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Certificate Manager Path Traversal Vulnerability", "version": {"version_data": [{"version_value": "6.9 build 560 through 6.9 build 564"}]}}]}, "vendor_name": "RSA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Bypass Vulnerability"}]}]}, "references": {"reference_data": [{"name": "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/11"}, {"name": "104674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104674"}, {"name": "1041211", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041211"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:54:36.560Z"}, "title": "CVE Program Container", "references": [{"name": "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2018/Jul/11"}, {"name": "104674", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104674"}, {"name": "1041211", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041211"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11051", "datePublished": "2018-07-03T17:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-16T21:08:18.669Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_certificate_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A8B4803-1C2C-495D-A491-5C1096710E2E", "versionEndIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application."}, {"lang": "es", "value": "RSA Certificate Manager desde la versi\u00f3n 6.9 build 560 hasta la 6.9 build 564 contiene una vulnerabilidad de salto de directorio en los servidores RSA CMP Enroll y RSA REST Enroll. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad manipulando los par\u00e1metros de entrada de la aplicaci\u00f3n para obtener acceso de lectura no autorizado a los archivos almacenados en el sistema de archivos del servidor, con los privilegios de la aplicaci\u00f3n web en ejecuci\u00f3n."}], "id": "CVE-2018-11051", "lastModified": "2024-11-21T03:42:34.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-03T17:29:00.217", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Jul/11"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104674"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Jul/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041211"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}