CVE-2019-18572

CRITICAL

RSA Identity Governance and Lifecycle <7.1.1 P03 - Auth Bypass

Title source: llm
STIX 2.1

Description

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://community.rsa.com/docs/DOC-109310

Scores

CVSS v3 9.8
EPSS 0.0199
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306 CWE-522
Status published
Products (5)
dell/rsa_identity_governance_and_lifecycle 7.0
dell/rsa_identity_governance_and_lifecycle 7.0.1
dell/rsa_identity_governance_and_lifecycle 7.0.2
dell/rsa_identity_governance_and_lifecycle 7.1.0 (9 CPE variants)
dell/rsa_identity_governance_and_lifecycle 7.1.1 (3 CPE variants)
Published Dec 18, 2019
Tracked Since Feb 18, 2026