Arbitrary Script Execution with Root Privileges in EMC RSA Identity Governance and Lifecycle

Arbitrary Script Execution with Root Privileges in EMC RSA Identity Governance and Lifecycle

CVE-2018-1182 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.

Learn more about our User Device Pen Test.