CVE-2019-3761

Name of the Vulnerable Software and Affected Versions RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08 RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08

Description The issue concerns a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application.

Recommendations For RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later. For RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.