CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18573

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.0%

CVSS Severity

CVSS v3 Score 8.7

CVSS v2 Score 6.8

References

Products affected by CVE-2019-18573

Dell » Rsa Identity Governance And Lifecycle » Version: 7.0

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0
Dell » Rsa Identity Governance And Lifecycle » Version: 7.0.1

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1
Dell » Rsa Identity Governance And Lifecycle » Version: 7.0.2

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2
Dell » Rsa Identity Governance And Lifecycle » Version: 7.1.0

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0
Dell » Rsa Identity Governance And Lifecycle » Version: 7.1.1

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18573

Products

Pricing

Contact Us