PT-2019-15525 · Rsa+1 · Rsa Identity Governance/Lifecycle+2

Publicado

2019-12-18

Atualizado

2020-10-22

CVE-2019-18572

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03 RSA Via Lifecycle and Governance versions prior to 7.1.1 P03

Description The issue concerns an Improper Authentication vulnerability. A Java JMX agent is configured with plain text password authentication, allowing an unauthenticated remote attacker to connect and monitor and manage the Java application.

Recommendations For RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03, update to version 7.1.1 P03 or later. For RSA Via Lifecycle and Governance versions prior to 7.1.1 P03, update to version 7.1.1 P03 or later.

Correção

Missing Authentication

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-522

Identificadores relacionados

CVE-2019-18572

Produtos afetados

Java

Rsa Identity Governance/Lifecycle

Rsa Via Lifecycle/Governance

PT-2019-15525 · Rsa+1 · Rsa Identity Governance/Lifecycle+2

CVE-2019-18572

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3