CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18571

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.8%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2019-18571

Dell » Rsa Identity Governance And Lifecycle » Version: 7.0

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0
Dell » Rsa Identity Governance And Lifecycle » Version: 7.0.1

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1
Dell » Rsa Identity Governance And Lifecycle » Version: 7.0.2

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2
Dell » Rsa Identity Governance And Lifecycle » Version: 7.1.0

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0
Dell » Rsa Identity Governance And Lifecycle » Version: 7.1.1

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18571

Products

Pricing

Contact Us