Vulnerability Details : CVE-2018-1182
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.
Products affected by CVE-2018-1182
- cpe:2.3:a:rsa:rsa_via_lifecycle_and_governance:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1182
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1182
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-1182
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1182
-
http://seclists.org/fulldisclosure/2018/Mar/16
Full Disclosure: DSA-2018-011: RSA Identity Governance and Lifecycle Privilege Escalation VulnerabilityMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/103317
Multiple EMC Products CVE-2018-1182 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040458
RSA Identity Governance and Lifecycle Lets Local Users Obtain Root Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to