Vulnerabilities for Rsa identity governance and lifecycle (...) - CXSECURITY.COM

Vulnerabilities for
'Rsa identity governance and lifecycle'

2018-07-13

CVE-2018-1255

CWE-79

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

CVE-2018-1245

CWE-863

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

2018-07-11

CVE-2018-11049

CWE-427

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

2018-03-08

CVE-2018-1182

CWE-269

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.

2017-07-17

CVE-2017-8005

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.

CVE-2017-8004

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under.

2017-06-09

CVE-2017-5004

EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.

CVE-2017-5003

EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.

>>> Vendor: EMC 177 Products

Legato networker

Navisphere manager

Retrospect client

Rsa security sitekey

Documentum administrator

Documentum webtop

Dantz retrospect backup server

Centera universal access

Documentum applicationxtender

Documentum applicationxtender workflow manager

Networker client

Networker module

Networker powersnap

Networker server

Networker storage node

Captiva pixtools distributed imaging

Homebase server

Rsa key manager client

Celerra network attached storage

Replication manager

Data protection advisor collector

Rsa adaptive authentication on-premise

Data loss prevention enterprise manager

Sourceone email management

Documentum eroom

Data protection advisor

Rsa key manager appliance

Documentum content server

Documentum xplore

Documentum information rights management

Documentum applicationxtender desktop

Captiva quickscan pro

Celerra network server

Applicationxtender desktop

Applicationxtender web access .net

Cloud tiering appliance virtual edition

Cloud tiering appliance

Rsa authentication agent

Rsa authentication client

Networker module for microsoft applications

Rsa data protection manager software server

Rsa data protection manager appliance

It operations intelligence

Rsa netwitness informer

Rsa archer egrc

Rsa archer smartsuite

Smarts network configuration manager

Smarts ip manager

Smarts mpls manager

Smarts network protocol manager

Smarts server manager

Smarts services assurance manager

Smarts voip availability manager

Documentum records manager

Documentum taskspace

Celerra control station

Vnx control station

Avamar server virtual edition

Documentum capital projects

Documentum digital asset manager

Documentum web publisher

Document sciences xpression

Rsa netwitness nextgen

Rsa security analytics

Connectrix manager

Documentum foundation services

Rsa bsafe ssl-j

Rsa data loss prevention

Vplex geosynchrony

See all Products for Vendor EMC

Copyright 2024, cxsecurity.com