CVE-2019-18571: XSS
First published: Wed Dec 18 2019(Updated: )
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Identity Governance and Lifecycle | =7.0 | |
| RSA Identity Governance and Lifecycle | =7.0.1 | |
| RSA Identity Governance and Lifecycle | =7.0.2 | |
| RSA Identity Governance and Lifecycle | =7.1.0 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p01 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p02 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p03 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p04 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p05 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p06 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p07 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p08 | |
| RSA Identity Governance and Lifecycle | =7.1.1 | |
| RSA Identity Governance and Lifecycle | =7.1.1-p01 | |
| RSA Identity Governance and Lifecycle | =7.1.1-p02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18571?
CVE-2019-18571 is categorized as a reflected cross-site scripting vulnerability.
How do I fix CVE-2019-18571?
To mitigate CVE-2019-18571, upgrade to RSA Identity Governance and Lifecycle version 7.1.1 P03 or later.
Who is affected by CVE-2019-18571?
CVE-2019-18571 affects users of RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03.
Can CVE-2019-18571 be exploited by remote attackers?
No, CVE-2019-18571 requires an authenticated local user to exploit the vulnerability.
What kind of attack is possible with CVE-2019-18571?
CVE-2019-18571 could allow an authenticated attacker to execute arbitrary scripts in the context of other users.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/rsa identity governance and lifecycle
- version/rsa identity governance and lifecycle/7.0
- version/rsa identity governance and lifecycle/7.0.1
- version/rsa identity governance and lifecycle/7.0.2
- version/rsa identity governance and lifecycle/7.1.0
- version/rsa identity governance and lifecycle/7.1.0-p01
- version/rsa identity governance and lifecycle/7.1.0-p02
- version/rsa identity governance and lifecycle/7.1.0-p03
- version/rsa identity governance and lifecycle/7.1.0-p04
- version/rsa identity governance and lifecycle/7.1.0-p05
- version/rsa identity governance and lifecycle/7.1.0-p06
- version/rsa identity governance and lifecycle/7.1.0-p07
- version/rsa identity governance and lifecycle/7.1.0-p08
- version/rsa identity governance and lifecycle/7.1.1
- version/rsa identity governance and lifecycle/7.1.1-p01
- version/rsa identity governance and lifecycle/7.1.1-p02