Command Injection Vulnerability in RSA Netwitness Platform and RSA Security Analytics

Command Injection Vulnerability in RSA Netwitness Platform and RSA Security Analytics

CVE-2019-3725 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server.

Learn more about our Cis Benchmark Audit For Server Software.