CVE-2018-1245
9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RSA | RSA Identity Governance and Lifecycle | version 7.0.1, all patch levels | affected |
| RSA | RSA Identity Governance and Lifecycle | version 7.0.2, all patch levels | affected |
| RSA | RSA Identity Governance and Lifecycle | version 7.1.0, all patch levels | affected |
Weaknesses
- Authorization ByPass Vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.