What is the severity of CVE-2019-3759?

CVE-2019-3759 has a high severity rating due to its potential for remote code execution by authenticated users.

Who is affected by CVE-2019-3759?

CVE-2019-3759 affects versions of RSA Identity Governance and Lifecycle prior to 7.1.0 P08, including 7.0.1 and 7.0.2.

What type of vulnerability is CVE-2019-3759?

CVE-2019-3759 is a code injection vulnerability that allows remote authenticated users to execute custom Groovy scripts.

What are the risks of CVE-2019-3759?

Exploiting CVE-2019-3759 could lead to unauthorized access and manipulation of sensitive data by running malicious scripts.

Vulnerability/
CVE-2019-3759

high

8.1

CWE

9/9/2019

4/8/2024

CVE-2019-3759: Code Injection

First published: Mon Sep 09 2019(Updated: )

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
EMC RSA Identity Governance and Lifecycle	=7.0.1
EMC RSA Identity Governance and Lifecycle	=7.0.1-p1
EMC RSA Identity Governance and Lifecycle	=7.0.1-p2_hotfix2
EMC RSA Identity Governance and Lifecycle	=7.0.1-p3
EMC RSA Identity Governance and Lifecycle	=7.0.1-p4
EMC RSA Identity Governance and Lifecycle	=7.0.1-p5
EMC RSA Identity Governance and Lifecycle	=7.0.1-p5_hotfix2
EMC RSA Identity Governance and Lifecycle	=7.0.2
EMC RSA Identity Governance and Lifecycle	=7.0.2-p1
EMC RSA Identity Governance and Lifecycle	=7.0.2-p10
EMC RSA Identity Governance and Lifecycle	=7.0.2-p11
EMC RSA Identity Governance and Lifecycle	=7.0.2-p12
EMC RSA Identity Governance and Lifecycle	=7.0.2-p13
EMC RSA Identity Governance and Lifecycle	=7.0.2-p14
EMC RSA Identity Governance and Lifecycle	=7.0.2-p2
EMC RSA Identity Governance and Lifecycle	=7.0.2-p3
EMC RSA Identity Governance and Lifecycle	=7.0.2-p4
EMC RSA Identity Governance and Lifecycle	=7.0.2-p5
EMC RSA Identity Governance and Lifecycle	=7.0.2-p6
EMC RSA Identity Governance and Lifecycle	=7.0.2-p7
EMC RSA Identity Governance and Lifecycle	=7.0.2-p8
EMC RSA Identity Governance and Lifecycle	=7.0.2-p9
EMC RSA Identity Governance and Lifecycle	=7.1.0
EMC RSA Identity Governance and Lifecycle	=7.1.0-p01
EMC RSA Identity Governance and Lifecycle	=7.1.0-p02
EMC RSA Identity Governance and Lifecycle	=7.1.0-p03
EMC RSA Identity Governance and Lifecycle	=7.1.0-p04
EMC RSA Identity Governance and Lifecycle	=7.1.0-p05
EMC RSA Identity Governance and Lifecycle	=7.1.0-p06
EMC RSA Identity Governance and Lifecycle	=7.1.0-p07
EMC RSA Identity Governance and Lifecycle	=7.1.1
EMC RSA Identity Governance and Lifecycle	=7.1.1-p1
EMC RSA Identity Governance and Lifecycle	=7.0.0
EMC RSA Identity Governance and Lifecycle	=7.0.0-p1
EMC RSA Identity Governance and Lifecycle	=7.0.0-p2
EMC RSA Identity Governance and Lifecycle	=7.0.0-p3
EMC RSA Identity Governance and Lifecycle	=7.0.0-p4
EMC RSA Identity Governance and Lifecycle	=7.0.0-p5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-3759?
CVE-2019-3759 has a high severity rating due to its potential for remote code execution by authenticated users.
How do I fix CVE-2019-3759?
To fix CVE-2019-3759, upgrade the RSA Identity Governance and Lifecycle software to version 7.1.0 P08 or later.
Who is affected by CVE-2019-3759?
CVE-2019-3759 affects versions of RSA Identity Governance and Lifecycle prior to 7.1.0 P08, including 7.0.1 and 7.0.2.
What type of vulnerability is CVE-2019-3759?
CVE-2019-3759 is a code injection vulnerability that allows remote authenticated users to execute custom Groovy scripts.
What are the risks of CVE-2019-3759?
Exploiting CVE-2019-3759 could lead to unauthorized access and manipulation of sensitive data by running malicious scripts.

agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dell
canonical/emc rsa identity governance and lifecycle
version/emc rsa identity governance and lifecycle/7.0.1
version/emc rsa identity governance and lifecycle/7.0.1-p1
version/emc rsa identity governance and lifecycle/7.0.1-p2_hotfix2
version/emc rsa identity governance and lifecycle/7.0.1-p3
version/emc rsa identity governance and lifecycle/7.0.1-p4
version/emc rsa identity governance and lifecycle/7.0.1-p5
version/emc rsa identity governance and lifecycle/7.0.1-p5_hotfix2
version/emc rsa identity governance and lifecycle/7.0.2
version/emc rsa identity governance and lifecycle/7.0.2-p1
version/emc rsa identity governance and lifecycle/7.0.2-p10
version/emc rsa identity governance and lifecycle/7.0.2-p11
version/emc rsa identity governance and lifecycle/7.0.2-p12
version/emc rsa identity governance and lifecycle/7.0.2-p13
version/emc rsa identity governance and lifecycle/7.0.2-p14
version/emc rsa identity governance and lifecycle/7.0.2-p2
version/emc rsa identity governance and lifecycle/7.0.2-p3
version/emc rsa identity governance and lifecycle/7.0.2-p4
version/emc rsa identity governance and lifecycle/7.0.2-p5
version/emc rsa identity governance and lifecycle/7.0.2-p6
version/emc rsa identity governance and lifecycle/7.0.2-p7
version/emc rsa identity governance and lifecycle/7.0.2-p8
version/emc rsa identity governance and lifecycle/7.0.2-p9
version/emc rsa identity governance and lifecycle/7.1.0
version/emc rsa identity governance and lifecycle/7.1.0-p01
version/emc rsa identity governance and lifecycle/7.1.0-p02
version/emc rsa identity governance and lifecycle/7.1.0-p03
version/emc rsa identity governance and lifecycle/7.1.0-p04
version/emc rsa identity governance and lifecycle/7.1.0-p05
version/emc rsa identity governance and lifecycle/7.1.0-p06
version/emc rsa identity governance and lifecycle/7.1.0-p07
version/emc rsa identity governance and lifecycle/7.1.1
version/emc rsa identity governance and lifecycle/7.1.1-p1
version/emc rsa identity governance and lifecycle/7.0.0
version/emc rsa identity governance and lifecycle/7.0.0-p1
version/emc rsa identity governance and lifecycle/7.0.0-p2
version/emc rsa identity governance and lifecycle/7.0.0-p3
version/emc rsa identity governance and lifecycle/7.0.0-p4
version/emc rsa identity governance and lifecycle/7.0.0-p5

CVE-2019-3759: Code Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-3759?

How do I fix CVE-2019-3759?

Who is affected by CVE-2019-3759?

What type of vulnerability is CVE-2019-3759?

What are the risks of CVE-2019-3759?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-3759?

How do I fix CVE-2019-3759?

Who is affected by CVE-2019-3759?

What type of vulnerability is CVE-2019-3759?

What are the risks of CVE-2019-3759?