CVE-2019-18573
The CVE describes a Session Fixation vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03. The root cause is that the session token is exposed in the URL, enabling an authenticated local user’s session to be hijacked, after which ...