CVE-2019-18573

HIGH

RSA Identity Governance <7.1.1 P03 - Session Fixation

Title source: llm

Description

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to a victim’s session and perform arbitrary actions with the privileges of the user within the compromised session.

Scores

CVSS v3 8.8
EPSS 0.0023
EPSS Percentile 46.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-384 CWE-598
Status published
Products (5)
dell/rsa_identity_governance_and_lifecycle 7.0
dell/rsa_identity_governance_and_lifecycle 7.0.1
dell/rsa_identity_governance_and_lifecycle 7.0.2
dell/rsa_identity_governance_and_lifecycle 7.1.0 (9 CPE variants)
dell/rsa_identity_governance_and_lifecycle 7.1.1 (3 CPE variants)
Published Dec 18, 2019
Tracked Since Feb 18, 2026