CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-1245

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile4.36th
Published2018年7月13日
Last Modified2024年11月21日

Vulnerability Description

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

Affected Platforms (CPE)

📦
Emc

Rsa Identity Governance And Lifecycle

= 7.0.1
📦
Emc

Rsa Identity Governance And Lifecycle

= 7.0.2
📦
Emc

Rsa Identity Governance And Lifecycle

= 7.1.0

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Jul/46
🔗 http://www.securitytracker.com/id/1041287
🔗 http://seclists.org/fulldisclosure/2018/Jul/46
🔗 http://www.securitytracker.com/id/1041287

相关漏洞威胁

CVE-2019-185729.8

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Aut...

CVE-2019-185738.8

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixat...

CVE-2019-37638.8

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an inf...

CVE-2018-11827.8

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance a...