CVE-2019-18572
First published: Wed Dec 18 2019(Updated: )
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Identity Governance and Lifecycle | =7.0 | |
| RSA Identity Governance and Lifecycle | =7.0.1 | |
| RSA Identity Governance and Lifecycle | =7.0.2 | |
| RSA Identity Governance and Lifecycle | =7.1.0 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p01 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p02 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p03 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p04 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p05 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p06 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p07 | |
| RSA Identity Governance and Lifecycle | =7.1.0-p08 | |
| RSA Identity Governance and Lifecycle | =7.1.1 | |
| RSA Identity Governance and Lifecycle | =7.1.1-p01 | |
| RSA Identity Governance and Lifecycle | =7.1.1-p02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18572?
CVE-2019-18572 has a high severity due to improper authentication vulnerabilities in the affected RSA products.
How do I fix CVE-2019-18572?
To fix CVE-2019-18572, upgrade to RSA Identity Governance and Lifecycle version 7.1.1 P03 or later.
Which RSA products are affected by CVE-2019-18572?
CVE-2019-18572 affects RSA Identity Governance and Lifecycle versions prior to 7.1.1 P03.
What type of attack can exploit CVE-2019-18572?
An unauthenticated remote attacker can exploit CVE-2019-18572 by connecting to a Java JMX agent configured with plain text password authentication.
Is CVE-2019-18572 related to configuration issues?
Yes, CVE-2019-18572 is related to configuration issues, specifically regarding the use of plain text authentication for JMX agents.
- agent/weakness
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/rsa identity governance and lifecycle
- version/rsa identity governance and lifecycle/7.0
- version/rsa identity governance and lifecycle/7.0.1
- version/rsa identity governance and lifecycle/7.0.2
- version/rsa identity governance and lifecycle/7.1.0
- version/rsa identity governance and lifecycle/7.1.0-p01
- version/rsa identity governance and lifecycle/7.1.0-p02
- version/rsa identity governance and lifecycle/7.1.0-p03
- version/rsa identity governance and lifecycle/7.1.0-p04
- version/rsa identity governance and lifecycle/7.1.0-p05
- version/rsa identity governance and lifecycle/7.1.0-p06
- version/rsa identity governance and lifecycle/7.1.0-p07
- version/rsa identity governance and lifecycle/7.1.0-p08
- version/rsa identity governance and lifecycle/7.1.1
- version/rsa identity governance and lifecycle/7.1.1-p01
- version/rsa identity governance and lifecycle/7.1.1-p02