CVE-2019-18573
8.7
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Summary
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | RSA Identity Governance & Lifecycle | unspecified < 7.1.0 P09, 7.1.1 P03 | affected |
Weaknesses
- CWE-598: CWE-598: Information Exposure Through Query Strings in GET Request
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.