CVE-2018-1255

Summary

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

Affected Software

VendorProductVersion RangeStatus
RSARSA Identity Governance and Lifecycleversion 7.0.1, all patch levelsaffected
RSARSA Identity Governance and Lifecycleversion 7.0.2, all patch levelsaffected
RSARSA Identity Governance and Lifecycleversion 7.1.0, all patch levelsaffected

Weaknesses

  • Reflected Cross-Site Scripting Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References