RSA Certificate Manager におけるパストラバーサルの脆弱性
| Title |
RSA Certificate Manager におけるパストラバーサルの脆弱性
|
| Summary |
RSA Certificate Manager には、パストラバーサルの脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
June 28, 2018, midnight |
| Registration Date |
Sept. 27, 2018, 2:27 p.m. |
| Last Update |
Sept. 27, 2018, 2:27 p.m. |
|
CVSS3.0 : 重要
|
| Score |
7.5
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
5
|
| Vector |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
Affected System
| DELL EMC (旧 EMC Corporation) |
|
RSA Certificate Manager 6.9 build 560 から 6.9 build 564
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年09月27日]
掲載 |
Sept. 27, 2018, 2:27 p.m. |
NVD Vulnerability Information
CVE-2018-11051
| Summary |
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
|
| Publication Date |
July 4, 2018, 2:29 a.m. |
| Registration Date |
March 1, 2021, 6:44 p.m. |
| Last Update |
Nov. 21, 2024, 12:42 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:emc:rsa_certificate_manager:*:*:*:*:*:*:*:* |
|
6.9 |
|
|
Related information, measures and tools
Common Vulnerabilities List