CVE-2019-18571

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
dellCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
dellrsa_identity_governance_and_lifecycle
7.0
dellrsa_identity_governance_and_lifecycle
7.0.1
dellrsa_identity_governance_and_lifecycle
7.0.2
dellrsa_identity_governance_and_lifecycle
7.1.0
dellrsa_identity_governance_and_lifecycle
7.1.0:p01
dellrsa_identity_governance_and_lifecycle
7.1.0:p02
dellrsa_identity_governance_and_lifecycle
7.1.0:p03
dellrsa_identity_governance_and_lifecycle
7.1.0:p04
dellrsa_identity_governance_and_lifecycle
7.1.0:p05
dellrsa_identity_governance_and_lifecycle
7.1.0:p06
dellrsa_identity_governance_and_lifecycle
7.1.0:p07
dellrsa_identity_governance_and_lifecycle
7.1.0:p08
dellrsa_identity_governance_and_lifecycle
7.1.1
dellrsa_identity_governance_and_lifecycle
7.1.1:p01
dellrsa_identity_governance_and_lifecycle
7.1.1:p02
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.rsa.com/docs/DOC-109310
https://community.rsa.com/docs/DOC-109310