Vulnerability Name:

CVE-2018-1245

Assigned:2017-12-06
Published:2018-07-11
Updated:2018-07-13
Summary:RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
7.8 High (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
References:Source: FULLDISC
Type: UNKNOWN
20180711 DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
rsa-identity-cve20181245-sec-bypass(146299)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    emc rsa identity governance and lifecycle 7.0.1
    emc rsa identity governance and lifecycle 7.0.2