CNVD-2018-17690

Vulnerability from cnvd - Published: 2018-09-06
VLAI Severity ?
Title
Dell RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA IMG本地不可信搜索路径漏洞
Description
Dell RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA IMG都是美国戴尔(Dell)公司的产品。Dell RSA Identity Governance and Lifecycle是一套生命周期管理解决方案;RSA Via Lifecycle and Governance是一套企业级身份识别和管理解决方案;RSA IMG是一套生命周期管理和身份识别解决方案。 Dell RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA IMG中存在安全漏洞。攻击者可利用该漏洞诱使root用户在目标系统上执行恶意代码。
Severity
Patch Name
Dell RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA IMG本地不可信搜索路径漏洞的补丁
Patch Description
Dell RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA IMG都是美国戴尔(Dell)公司的产品。Dell RSA Identity Governance and Lifecycle是一套生命周期管理解决方案;RSA Via Lifecycle and Governance是一套企业级身份识别和管理解决方案;RSA IMG是一套生命周期管理和身份识别解决方案。 Dell RSA Identity Governance and Lifecycle、RSA Via Lifecycle and Governance和RSA IMG中存在安全漏洞。攻击者可利用该漏洞诱使root用户在目标系统上执行恶意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可联系供应商获得补丁信息: https://www.dell.com/

Reference
http://seclists.org/fulldisclosure/2018/Jul/23
Impacted products
Name
['Dell EMC RSA Identity Governance and Lifecycle 7.1', 'Dell EMC RSA Identity Governance and Lifecycle 7.0.2 P01', 'Dell EMC RSA Identity Governance and Lifecycle 7.0.2', 'Dell EMC RSA Identity Governance and Lifecycle 7.0.1', 'Dell EMC RSA Identity Governance and Lifecycle 6.9.1', 'Dell EMC RSA Identity Governance and Lifecycle 6.9', 'Dell EMC RSA Identity Governance and Lifecycle 7.0.1 P03']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "104722"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11049"
    }
  },
  "description": "Dell RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA IMG\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell RSA Identity Governance and Lifecycle\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bRSA Via Lifecycle and Governance\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u8eab\u4efd\u8bc6\u522b\u548c\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bRSA IMG\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u548c\u8eab\u4efd\u8bc6\u522b\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nDell RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA IMG\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bf1\u4f7froot\u7528\u6237\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u6076\u610f\u4ee3\u7801\u3002",
  "discovererName": "Dell",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.dell.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17690",
  "openTime": "2018-09-06",
  "patchDescription": "Dell RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA IMG\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell RSA Identity Governance and Lifecycle\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bRSA Via Lifecycle and Governance\u662f\u4e00\u5957\u4f01\u4e1a\u7ea7\u8eab\u4efd\u8bc6\u522b\u548c\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff1bRSA IMG\u662f\u4e00\u5957\u751f\u547d\u5468\u671f\u7ba1\u7406\u548c\u8eab\u4efd\u8bc6\u522b\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nDell RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA IMG\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bf1\u4f7froot\u7528\u6237\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u6076\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA IMG\u672c\u5730\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC RSA Identity Governance and Lifecycle 7.1",
      "Dell EMC RSA Identity Governance and Lifecycle 7.0.2 P01",
      "Dell EMC RSA Identity Governance and Lifecycle 7.0.2",
      "Dell EMC RSA Identity Governance and Lifecycle 7.0.1",
      "Dell EMC RSA Identity Governance and Lifecycle 6.9.1",
      "Dell EMC RSA Identity Governance and Lifecycle 6.9",
      "Dell EMC RSA Identity Governance and Lifecycle 7.0.1 P03"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2018/Jul/23",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-13",
  "title": "Dell RSA Identity Governance and Lifecycle\u3001RSA Via Lifecycle and Governance\u548cRSA IMG\u672c\u5730\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.