CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1255

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://seclists.org/fulldisclosure/2018/Jul/46
http://www.securitytracker.com/id/1041287
http://seclists.org/fulldisclosure/2018/Jul/46
http://www.securitytracker.com/id/1041287

Products affected by CVE-2018-1255

Emc » Rsa Identity Governance And Lifecycle » Version: 7.0.1

cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.1
Emc » Rsa Identity Governance And Lifecycle » Version: 7.0.2

cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.0.2
Emc » Rsa Identity Governance And Lifecycle » Version: 7.1.0

cpe:2.3:a:emc:rsa_identity_governance_and_lifecycle:7.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1255

Products

Pricing

Contact Us