CVE-2019-3759

Опубликовано: 11 сент. 2019

Источник: nvd

CVSS3: 6.4

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:-:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p1:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p2_hotfix2:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p3:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p4:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5_hotfix2:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:-:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p1:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p10:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p11:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p12:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p13:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p14:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p2:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p3:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p4:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p5:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p6:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p7:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p8:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p9:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p1:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:-:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p1:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p2:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p3:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p4:*:*:*:*:*:*

cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p5:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01233

Низкий

6.4 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-2j3c-m8j3-c8j2

github

больше 3 лет назад

EPSS

Процентиль: 79%

0.01233

Низкий

6.4 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-94