CVE-2019-18573

Summary

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Affected Software

VendorProductVersion RangeStatus
DellRSA Identity Governance & Lifecycleunspecified < 7.1.0 P09, 7.1.1 P03affected

Weaknesses

  • CWE-598: CWE-598: Information Exposure Through Query Strings in GET Request

ADP Enrichment

CVE Program Container

Additional References

References