CVE-2019-18572

CRITICAL

RSA Identity Governance and Lifecycle <7.1.1 P03 - Auth Bypass

Title source: llm

Description

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

References (1)

Scores

CVSS v3 9.8
EPSS 0.0131
EPSS Percentile 79.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522 CWE-306
Status published

Affected Products (15)

dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle
dell/rsa_identity_governance_and_lifecycle

Timeline

Published Dec 18, 2019
Tracked Since Feb 18, 2026