CVE-2019-18573
moderate-risk
Published 2019-12-18
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.
Do I need to act?
-
0.23% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (15)
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Affected Vendors
49
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
1/34 · Minimal
Exposure
18/34 · Moderate