7 matches found
CVE-2019-18571
The vulnerability is a reflected cross-site scripting (XSS) in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03, specifically in the My Access Live (MAL) module. An authenticated local user can craft a URL that injects script, which is then ex...
CVE-2019-3759
CVE-2019-3759 affects RSA Identity Governance and Lifecycle / Aveksa prior to 7.1.0 P08. A code injection vulnerability allows a remote authenticated user to run Groovy scripts in the Workflow system, potentially gaining limited access to view or modify information. Public writeups describe remot...
CVE-2019-18572
CVE-2019-18572 affects Dell RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance prior to version 7.1.1 P03. The issue is an Improper Authentication where a Java JMX agent on the remote host is configured with plain text password authentication, enabling an unauthenticated r...
CVE-2019-3763
CVE-2019-3763 affects RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.0 P08. The issue is an information exposure where an Office 365 user password can be logged in plain text in the Office 365 connector debug log file. An authenticated local attac...
CVE-2019-3760
The CVE-2019-3760 entry concerns RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.0 P08, which contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated attacker could exploit specially crafted input to execute SQL commands...
CVE-2019-18573
The CVE describes a Session Fixation vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03. The root cause is that the session token is exposed in the URL, enabling an authenticated local user’s session to be hijacked, after which ...
CVE-2019-3761
The CVE-2019-3761 entry describes a stored cross-site scripting vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products released before 7.1.0 P08, specifically in the Access Request module. A remote authenticated attacker could store malicious HTML or ...