PT-2019-15526 · Rsa · Rsa Identity Governance/Lifecycle+1
Publicado
2019-12-18
·
Atualizado
2020-08-31
·
CVE-2019-18573
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03
RSA Via Lifecycle and Governance versions prior to 7.1.1 P03
Description
The issue allows an authenticated malicious local user to exploit a Session Fixation vulnerability, as the session token is exposed as part of the URL. A remote attacker can gain access to the victim's session and perform arbitrary actions with the privileges of the user within the compromised session.
Recommendations
For RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03, update to version 7.1.1 P03 or later to resolve the issue.
For RSA Via Lifecycle and Governance versions prior to 7.1.1 P03, update to version 7.1.1 P03 or later to resolve the issue.
Correção
Session Fixation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance