What is the severity of CVE-2019-18571?

CVE-2019-18571 is categorized as a reflected cross-site scripting vulnerability.

How do I fix CVE-2019-18571?

To mitigate CVE-2019-18571, upgrade to RSA Identity Governance and Lifecycle version 7.1.1 P03 or later.

Who is affected by CVE-2019-18571?

CVE-2019-18571 affects users of RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03.

Can CVE-2019-18571 be exploited by remote attackers?

No, CVE-2019-18571 requires an authenticated local user to exploit the vulnerability.

What kind of attack is possible with CVE-2019-18571?

CVE-2019-18571 could allow an authenticated attacker to execute arbitrary scripts in the context of other users.

Vulnerability/
CVE-2019-18571

medium

5.4

CWE

18/12/2019

16/9/2024

CVE-2019-18571: XSS

First published: Wed Dec 18 2019(Updated: )

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
EMC RSA Identity Governance and Lifecycle	=7.0
EMC RSA Identity Governance and Lifecycle	=7.0.1
EMC RSA Identity Governance and Lifecycle	=7.0.2
EMC RSA Identity Governance and Lifecycle	=7.1.0
EMC RSA Identity Governance and Lifecycle	=7.1.0-p01
EMC RSA Identity Governance and Lifecycle	=7.1.0-p02
EMC RSA Identity Governance and Lifecycle	=7.1.0-p03
EMC RSA Identity Governance and Lifecycle	=7.1.0-p04
EMC RSA Identity Governance and Lifecycle	=7.1.0-p05
EMC RSA Identity Governance and Lifecycle	=7.1.0-p06
EMC RSA Identity Governance and Lifecycle	=7.1.0-p07
EMC RSA Identity Governance and Lifecycle	=7.1.0-p08
EMC RSA Identity Governance and Lifecycle	=7.1.1
EMC RSA Identity Governance and Lifecycle	=7.1.1-p01
EMC RSA Identity Governance and Lifecycle	=7.1.1-p02

Never miss a vulnerability like this again

Reference Links

https://community.rsa.com/docs/DOC-109310

Frequently Asked Questions

What is the severity of CVE-2019-18571?
CVE-2019-18571 is categorized as a reflected cross-site scripting vulnerability.
How do I fix CVE-2019-18571?
To mitigate CVE-2019-18571, upgrade to RSA Identity Governance and Lifecycle version 7.1.1 P03 or later.
Who is affected by CVE-2019-18571?
CVE-2019-18571 affects users of RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03.
Can CVE-2019-18571 be exploited by remote attackers?
No, CVE-2019-18571 requires an authenticated local user to exploit the vulnerability.
What kind of attack is possible with CVE-2019-18571?
CVE-2019-18571 could allow an authenticated attacker to execute arbitrary scripts in the context of other users.

agent/type
agent/softwarecombine
agent/severity
agent/author
agent/weakness
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dell
canonical/emc rsa identity governance and lifecycle
version/emc rsa identity governance and lifecycle/7.0
version/emc rsa identity governance and lifecycle/7.0.1
version/emc rsa identity governance and lifecycle/7.0.2
version/emc rsa identity governance and lifecycle/7.1.0
version/emc rsa identity governance and lifecycle/7.1.0-p01
version/emc rsa identity governance and lifecycle/7.1.0-p02
version/emc rsa identity governance and lifecycle/7.1.0-p03
version/emc rsa identity governance and lifecycle/7.1.0-p04
version/emc rsa identity governance and lifecycle/7.1.0-p05
version/emc rsa identity governance and lifecycle/7.1.0-p06
version/emc rsa identity governance and lifecycle/7.1.0-p07
version/emc rsa identity governance and lifecycle/7.1.0-p08
version/emc rsa identity governance and lifecycle/7.1.1
version/emc rsa identity governance and lifecycle/7.1.1-p01
version/emc rsa identity governance and lifecycle/7.1.1-p02

Frequently Asked Questions

What is the severity of CVE-2019-18571?
CVE-2019-18571 is categorized as a reflected cross-site scripting vulnerability.
How do I fix CVE-2019-18571?
To mitigate CVE-2019-18571, upgrade to RSA Identity Governance and Lifecycle version 7.1.1 P03 or later.
Who is affected by CVE-2019-18571?
CVE-2019-18571 affects users of RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03.
Can CVE-2019-18571 be exploited by remote attackers?
No, CVE-2019-18571 requires an authenticated local user to exploit the vulnerability.
What kind of attack is possible with CVE-2019-18571?
CVE-2019-18571 could allow an authenticated attacker to execute arbitrary scripts in the context of other users.

CVE-2019-18571: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-18571?

How do I fix CVE-2019-18571?

Who is affected by CVE-2019-18571?

Can CVE-2019-18571 be exploited by remote attackers?

What kind of attack is possible with CVE-2019-18571?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-18571?

How do I fix CVE-2019-18571?

Who is affected by CVE-2019-18571?

Can CVE-2019-18571 be exploited by remote attackers?

What kind of attack is possible with CVE-2019-18571?