CVE-2019-18572
CRITICAL
RSA Identity Governance and Lifecycle <7.1.1 P03 - Auth Bypass
Title source: llm
Description
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://community.rsa.com/docs/DOC-109310
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-306
Status
published
Products (5)
dell/rsa_identity_governance_and_lifecycle
7.0
dell/rsa_identity_governance_and_lifecycle
7.0.1
dell/rsa_identity_governance_and_lifecycle
7.0.2
dell/rsa_identity_governance_and_lifecycle
7.1.0 (9 CPE variants)
dell/rsa_identity_governance_and_lifecycle
7.1.1 (3 CPE variants)
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026