What is the vulnerability ID of RSA Identity Lifecycle and Governance?

The vulnerability ID of RSA Identity Lifecycle and Governance is CVE-2018-1245.

What is the severity of CVE-2018-1245?

The severity of CVE-2018-1245 is critical with a score of 8.8.

Which software versions are affected by CVE-2018-1245?

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2, and 7.1.0 are affected by CVE-2018-1245.

What is the risk of CVE-2018-1245?

The risk of CVE-2018-1245 is an authorization bypass vulnerability that allows a remote authenticated malicious user to bypass Java Security Policies.

Are there any references for CVE-2018-1245?

Yes, you can find references for CVE-2018-1245 at these links: [http://seclists.org/fulldisclosure/2018/Jul/46](http://seclists.org/fulldisclosure/2018/Jul/46) and [http://www.securitytracker.com/id/1041287](http://www.securitytracker.com/id/1041287).

Vulnerability/
CVE-2018-1245

critical

CWE

863

13/7/2018

16/9/2024

CVE-2018-1245: Authorization ByPass Vulnerability

First published: Fri Jul 13 2018(Updated: )

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
EMC RSA Identity Governance and Lifecycle	=7.0.1
EMC RSA Identity Governance and Lifecycle	=7.0.2
EMC RSA Identity Governance and Lifecycle	=7.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of RSA Identity Lifecycle and Governance?
The vulnerability ID of RSA Identity Lifecycle and Governance is CVE-2018-1245.
What is the severity of CVE-2018-1245?
The severity of CVE-2018-1245 is critical with a score of 8.8.
Which software versions are affected by CVE-2018-1245?
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2, and 7.1.0 are affected by CVE-2018-1245.
What is the risk of CVE-2018-1245?
The risk of CVE-2018-1245 is an authorization bypass vulnerability that allows a remote authenticated malicious user to bypass Java Security Policies.
Are there any references for CVE-2018-1245?
Yes, you can find references for CVE-2018-1245 at these links: [http://seclists.org/fulldisclosure/2018/Jul/46](http://seclists.org/fulldisclosure/2018/Jul/46) and [http://www.securitytracker.com/id/1041287](http://www.securitytracker.com/id/1041287).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/tags
agent/title
agent/last-modified-date
agent/author
agent/first-publish-date
agent/event
agent/description
vendor/emc
canonical/emc rsa identity governance and lifecycle
version/emc rsa identity governance and lifecycle/7.0.1
version/emc rsa identity governance and lifecycle/7.0.2
version/emc rsa identity governance and lifecycle/7.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.