CVE-2019-18573

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.
Configurations

Configuration 1

cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p01:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p02:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p08:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*

Information

Published : 2019-12-18 09:15

Updated : 2020-08-31 04:15


NVD link : CVE-2019-18573

Mitre link : CVE-2019-18573

Products Affected
No products.
CWE
CWE-384

Session Fixation