CVE-2018-1255
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RSA | RSA Identity Governance and Lifecycle | version 7.0.1, all patch levels | affected |
| RSA | RSA Identity Governance and Lifecycle | version 7.0.2, all patch levels | affected |
| RSA | RSA Identity Governance and Lifecycle | version 7.1.0, all patch levels | affected |
Weaknesses
- Reflected Cross-Site Scripting Vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.