CVE-2018-1245Incorrect Authorization in Identity Governance AND Lifecycle

CWE-863Incorrect Authorization3 documents3 sources
Severity
8.8HIGHNVD
CNA9.0
EPSS
0.5%
top 36.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RSA Identity Governance AND LifecycleEMC RSA Identity Governance AND Lifecycle
Timeline
PublishedJul 13
Latest updateMay 13

Description

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5rsa/rsa_identity_governance_and_lifecycleversion 7.0.1, all patch levels, version 7.0.2, all patch levels, version 7.1.0, all patch levels+2

🔴Vulnerability Details

2
GHSA
GHSA-j3hm-2gx9-6x67: RSA Identity Lifecycle and Governance versions 72022-05-13
CVEList
Authorization ByPass Vulnerability2018-07-13
CVE-2018-1245 — Incorrect Authorization | cvebase