CVE-2019-18573 — HIGH (8.8)

Vulnerability Description

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Rsa Identity Governance And Lifecycle	7.0

Related Weaknesses (CWE)

CWE-384 CWE-598

References

FAQ

What is CVE-2019-18573?

CVE-2019-18573 is a vulnerability with a CVSS score of 8.8 (HIGH). The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potenti...

How severe is CVE-2019-18573?

CVE-2019-18573 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18573?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Rsa Identity Governance And Lifecycle.