PT-2019-16698 · Rsa · Rsa Identity Governance/Lifecycle+1
Publicado
2019-09-11
·
Atualizado
2020-08-31
·
CVE-2019-3760
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08
RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08
Description
The issue concerns a SQL Injection vulnerability in Workflow Architect, which could be exploited by a remote authenticated malicious user. This user could execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application.
Recommendations
For RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
For RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
Correção
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance