Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18572

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

Published

2019-12-18T21:15:12.943

Last Modified

2024-11-21T04:33:19.300

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-306
  • Type: Primary
    CWE-522
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application dell rsa_identity_governance_and_lifecycle 7.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.0.1 Yes
Application dell rsa_identity_governance_and_lifecycle 7.0.2 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.0 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.1 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.1 Yes
Application dell rsa_identity_governance_and_lifecycle 7.1.1 Yes
References