CVE-2019-3759

Summary

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.

Affected Software

VendorProductVersion RangeStatus
DellRSA Identity Governance and Lifecycleunspecified < 7.1.1 P02affected
DellRSA Identity Governance and Lifecycleunspecified < 7.1.0 P08affected
DellRSA Identity Governance and Lifecycle7.0.2affected
DellRSA Identity Governance and Lifecycle7.0.1affected
DellRSA Via Lifecycle and Governance7.0affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References