Lucene search

DellCVELIST:CVE-2019-18572

HistoryDec 18, 2019 - 8:50 p.m.

CVE-2019-18572

2019-12-1820:50:14

CWE-306

dell

www.cve.org

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

AI Score

9.7

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

CNA Affected

[
  {
    "product": "RSA Identity Governance & Lifecycle",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "7.1.0 P09, 7.1.1 P03",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

community.rsa.com/docs/DOC-109310

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

AI Score

9.7

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

Related for CVELIST:CVE-2019-18572