CVE-2019-3759

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
dellCNA
6.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
dellrsa_identity_governance_and_lifecycle
7.0.1
dellrsa_identity_governance_and_lifecycle
7.0.1:p1
dellrsa_identity_governance_and_lifecycle
7.0.1:p2_hotfix2
dellrsa_identity_governance_and_lifecycle
7.0.1:p3
dellrsa_identity_governance_and_lifecycle
7.0.1:p4
dellrsa_identity_governance_and_lifecycle
7.0.1:p5
dellrsa_identity_governance_and_lifecycle
7.0.1:p5_hotfix2
dellrsa_identity_governance_and_lifecycle
7.0.2
dellrsa_identity_governance_and_lifecycle
7.0.2:p1
dellrsa_identity_governance_and_lifecycle
7.0.2:p10
dellrsa_identity_governance_and_lifecycle
7.0.2:p11
dellrsa_identity_governance_and_lifecycle
7.0.2:p12
dellrsa_identity_governance_and_lifecycle
7.0.2:p13
dellrsa_identity_governance_and_lifecycle
7.0.2:p14
dellrsa_identity_governance_and_lifecycle
7.0.2:p2
dellrsa_identity_governance_and_lifecycle
7.0.2:p3
dellrsa_identity_governance_and_lifecycle
7.0.2:p4
dellrsa_identity_governance_and_lifecycle
7.0.2:p5
dellrsa_identity_governance_and_lifecycle
7.0.2:p6
dellrsa_identity_governance_and_lifecycle
7.0.2:p7
dellrsa_identity_governance_and_lifecycle
7.0.2:p8
dellrsa_identity_governance_and_lifecycle
7.0.2:p9
dellrsa_identity_governance_and_lifecycle
7.1.0
dellrsa_identity_governance_and_lifecycle
7.1.0:p01
dellrsa_identity_governance_and_lifecycle
7.1.0:p02
dellrsa_identity_governance_and_lifecycle
7.1.0:p03
dellrsa_identity_governance_and_lifecycle
7.1.0:p04
dellrsa_identity_governance_and_lifecycle
7.1.0:p05
dellrsa_identity_governance_and_lifecycle
7.1.0:p06
dellrsa_identity_governance_and_lifecycle
7.1.0:p07
dellrsa_identity_governance_and_lifecycle
7.1.1
dellrsa_identity_governance_and_lifecycle
7.1.1:p1
dellrsa_via_lifecycle_and_governance
7.0.0
dellrsa_via_lifecycle_and_governance
7.0.0:p1
dellrsa_via_lifecycle_and_governance
7.0.0:p2
dellrsa_via_lifecycle_and_governance
7.0.0:p3
dellrsa_via_lifecycle_and_governance
7.0.0:p4
dellrsa_via_lifecycle_and_governance
7.0.0:p5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Execution.html
https://community.rsa.com/docs/DOC-106943
http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Execution.html
https://community.rsa.com/docs/DOC-106943