PT-2019-16699 · Rsa · Rsa Identity Governance/Lifecycle+1
Published
2019-09-11
·
Updated
2020-08-31
·
CVE-2019-3761
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08
RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08
Description
The issue concerns a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application.
Recommendations
For RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
For RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance