Vulnerability Name:

CVE-2018-1255

Assigned: 2017-12-06
Published: 2018-07-11
Updated: 2018-07-13
Summary: RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
CVSS v3 Severity: 6.1 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
References: Source: FULLDISC
Type: UNKNOWN
20180711 DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
rsa-identity-cve20181255-xss(146300)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:emc:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:emc:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    emc rsa identity governance and lifecycle 7.0.1
    emc rsa identity governance and lifecycle 7.0.2