PT-2019-16697 · Rsa · Rsa Identity Governance/Lifecycle+1

Published

2019-09-11

Updated

2020-08-31

CVE-2019-3759

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08 RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08

Description The issue allows a remote authenticated malicious user to potentially exploit a code injection vulnerability, enabling them to run custom Groovy scripts. This could result in limited access to view or modify information on the Workflow system.

Recommendations For RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later. For RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2019-3759

Affected Products

Rsa Identity Governance/Lifecycle

Rsa Via Lifecycle/Governance

PT-2019-16697 · Rsa · Rsa Identity Governance/Lifecycle+1

CVE-2019-3759

Weakness Enumeration

Related Identifiers

Affected Products

References · 5