4 matches found
CVE-2019-3759
CVE-2019-3759 affects RSA Identity Governance and Lifecycle / Aveksa prior to 7.1.0 P08. A code injection vulnerability allows a remote authenticated user to run Groovy scripts in the Workflow system, potentially gaining limited access to view or modify information. Public writeups describe remot...
CVE-2019-3763
CVE-2019-3763 affects RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.0 P08. The issue is an information exposure where an Office 365 user password can be logged in plain text in the Office 365 connector debug log file. An authenticated local attac...
CVE-2019-3760
The CVE-2019-3760 entry concerns RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.0 P08, which contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated attacker could exploit specially crafted input to execute SQL commands...
CVE-2019-3761
The CVE-2019-3761 entry describes a stored cross-site scripting vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products released before 7.1.0 P08, specifically in the Access Request module. A remote authenticated attacker could store malicious HTML or ...