CRITICAL🇬🇧 English

CVE-2018-1245

CVSS 9.0v3.0pub. 2018-07-13upd. 2024-11-21

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Emc Rsa Identity Governance And Lifecycle

    APP
    Emc
    7.0.17.0.27.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-11049HIGH7.3ten sam produkt

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontro...

CVE-2018-1182HIGH7.8ten sam produkt

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (...

CVE-2017-8004HIGH7.2ten sam produkt

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Iden...

CVE-2018-1255MEDIUM6.1ten sam produkt

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scriptin...

CVE-2017-8005MEDIUM5.4ten sam produkt

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Ide...