CVE-2019-3759

MEDIUM

Dell RSA Identity Governance and Lifecycle - Code Injection

Description

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.

Exploits (1)

exploitdb WORKING POC
by Jakub Palaczynski · text · webapps · multiple
https://www.exploit-db.com/exploits/48639

Scores

CVSS v3 6.4
EPSS 0.0123
EPSS Percentile 79.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Details

CWE
CWE-94
Status published
Products (5)
dell/rsa_identity_governance_and_lifecycle 7.0.1 (7 CPE variants)
dell/rsa_identity_governance_and_lifecycle 7.0.2 (15 CPE variants)
dell/rsa_identity_governance_and_lifecycle 7.1.0 (8 CPE variants)
dell/rsa_identity_governance_and_lifecycle 7.1.1 (2 CPE variants)
dell/rsa_via_lifecycle_and_governance 7.0.0 (6 CPE variants)
Published Sep 11, 2019
Tracked Since Feb 18, 2026