Vulnerability Description
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Rsa Identity Governance And Lifecycle | 7.0.1 |
| Dell | Rsa Via Lifecycle And Governance | 7.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Ex
- https://community.rsa.com/docs/DOC-106943
- http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Ex
- https://community.rsa.com/docs/DOC-106943
FAQ
What is CVE-2019-3759?
CVE-2019-3759 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could ...
How severe is CVE-2019-3759?
CVE-2019-3759 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3759?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Rsa Identity Governance And Lifecycle, Dell Rsa Via Lifecycle And Governance.