← back
CVE-2019-3759

CVE-2019-3759

CVSS 6.4 MEDIUMEPSS 3.2%CWE-94
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products
Dell · RSA Identity Governance and LifecycleDell · RSA Via Lifecycle and Governance
public PoCs found2
cve_referencepacketstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48639unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Execution.htmlhttps://community.rsa.com/docs/DOC-106943