CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1245

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile4.36th
PublishedJul 13, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

Affected Platforms (CPE)

πŸ“¦
Emc

Rsa Identity Governance And Lifecycle

= 7.0.1
πŸ“¦
Emc

Rsa Identity Governance And Lifecycle

= 7.0.2
πŸ“¦
Emc

Rsa Identity Governance And Lifecycle

= 7.1.0

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2018/Jul/46
πŸ”— http://www.securitytracker.com/id/1041287
πŸ”— http://seclists.org/fulldisclosure/2018/Jul/46
πŸ”— http://www.securitytracker.com/id/1041287

Related Vulnerabilities

CVE-2019-185729.8

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Aut...

CVE-2019-185738.8

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixat...

CVE-2019-37638.8

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an inf...

CVE-2018-11827.8

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance a...