Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

rsa_netwitness

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2018-11061
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-1.60% / 80.97%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-rsa_security_analyticsrsa_netwitnessRSA NetWitnessRSA Security Analytics
CVE-2014-0643
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-1.21% / 78.15%
||
7 Day CHG~0.00%
Published-16 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-rsa_netwitnessrsa_security_analyticsn/a
CWE ID-CWE-287
Improper Authentication