PT-2019-15524 · Rsa · Rsa Identity Governance/Lifecycle+1
Published
2019-12-18
·
Updated
2020-08-31
·
CVE-2019-18571
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03
RSA Via Lifecycle and Governance versions prior to 7.1.1 P03
Description
The issue concerns a reflected cross-site scripting vulnerability in the My Access Live module. An authenticated malicious user could exploit this by sending a crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.
Recommendations
For RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03, update to version 7.1.1 P03 or later.
For RSA Via Lifecycle and Governance versions prior to 7.1.1 P03, update to version 7.1.1 P03 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance