CVE-2018-1245

CRITICAL

RSA Identity Governance and Lifecycle 7.0.1, 7.0.2, 7.1.0 - Authenticated Authorization Bypass in Workflow Architect

Title source: llm
STIX 2.1

Description

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041287
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/46

Scores

CVSS v3 9.0
EPSS 0.0046
EPSS Percentile 64.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-863
Status published
Products (3)
emc/rsa_identity_governance_and_lifecycle 7.0.1
emc/rsa_identity_governance_and_lifecycle 7.0.2
emc/rsa_identity_governance_and_lifecycle 7.1.0
Published Jul 13, 2018
Tracked Since Feb 18, 2026