Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-18573

Опубликовано: 18 дек. 2019
Источник: nvd
CVSS3: 8.7
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p08:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p01:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p02:*:*:*:*:*:*

EPSS

Процентиль: 46%
0.00232
Низкий

8.7 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-598
CWE-384

Связанные уязвимости

github логотип

GHSA-h25m-5xq7-8h6q

github
больше 3 лет назад

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim�s session and perform arbitrary actions with privileges of the user within the compromised session.

EPSS

Процентиль: 46%
0.00232
Низкий

8.7 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-598
CWE-384