CVE-2019-3725

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
15/05/2019
Last modified:
24/08/2020

Description

RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:rsa:netwitness:*:*:*:*:*:*:*:* 11.2.1.1 (excluding)
cpe:2.3:a:rsa:security_analytics:*:*:*:*:*:*:*:* 10.6.6.1 (excluding)