CVE-2019-3725
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
15/05/2019
Last modified:
24/08/2020
Description
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:rsa:netwitness:*:*:*:*:*:*:*:* | 11.2.1.1 (excluding) | |
cpe:2.3:a:rsa:security_analytics:*:*:*:*:*:*:*:* | 10.6.6.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page