CVE-2019-18573

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p01:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p02:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p08:*:*:*:*:*:*

Information

Published : 2019-12-18 13:15

Updated : 2020-08-31 09:15


NVD link : CVE-2019-18573

Mitre link : CVE-2019-18573


JSON object : View

CWE
CWE-384

Session Fixation

Advertisement

dedicated server usa

Products Affected

dell

  • rsa_identity_governance_and_lifecycle