Lucene search

DellCVELIST:CVE-2019-3761

HistorySep 11, 2019 - 7:17 p.m.

CVE-2019-3761

2019-09-1119:17:30

CWE-79

dell

www.cve.org

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application.

CNA Affected

[
  {
    "product": "RSA Identity Governance and Lifecycle",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "7.1.1 P02",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.1.0 P08",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.0.2"
      },
      {
        "status": "affected",
        "version": "7.0.1"
      }
    ]
  },
  {
    "product": "RSA Via Lifecycle and Governance",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      }
    ]
  }
]

References

community.rsa.com/docs/DOC-106943