Vulnerability Details CVE-2018-1245
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v3 Score 9.0
CVSS v2 Score 9.0
References
Products affected by CVE-2018-1245
-
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1
-
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2
-
cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.1.0